1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596

Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Analysis

max time kernel
1561s
max time network
1566s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb.dll
Size

28KB
MD5

07ce060934a9106a3e135c33ebd64e9e
SHA1

e9d0fdb9d91ec314778f45065642066cbd4c575b
SHA256

20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb
SHA512

c3c17c911464deb7be6daf3339738fb53e89a93f0b58eb5971d6ffbbd7aced4d88ff61ab2ac973f8c1f6dafdf9e4dc505d17607b0b8b9be822b98b0b8a320f8a
SSDEEP

192:EmUk5kULV+jC9LDADPF9+qQ/1nwzJvZvdW9+2Cp92xR43beMs7ui4jrh:EmFDR+jCpAJ9+qQ/1nZMHeMsCj

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

rundll32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Ç§Ç§¾²Ìý = "C:\\Windows\\SysWOW64\\TTPlayer.exe"	rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 340 wrote to memory of 2332	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 2332	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 2332	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 2332	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 2332	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 2332	340	rundll32.exe	rundll32.exe
PID 340 wrote to memory of 2332	340	rundll32.exe	rundll32.exe
PID 2332 wrote to memory of 2448	2332	rundll32.exe	rundll32.exe
PID 2332 wrote to memory of 2448	2332	rundll32.exe	rundll32.exe
PID 2332 wrote to memory of 2448	2332	rundll32.exe	rundll32.exe
PID 2332 wrote to memory of 2448	2332	rundll32.exe	rundll32.exe
PID 2332 wrote to memory of 2448	2332	rundll32.exe	rundll32.exe
PID 2332 wrote to memory of 2448	2332	rundll32.exe	rundll32.exe
PID 2332 wrote to memory of 2448	2332	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:340

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20efc37efcb36bc4a7cdf75ff667d3193959bf1858a4c115fd4301ca11ce8ddb.dll,#1
2⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2332

C:\Windows\SysWOW64\rundll32.exe
rundll32 "C:\Windows\SysWOW64\Pidalce.dll",DPldalic
3⤵
PID:2448

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Favorites\Links for United States\ÌÔ±¦Íø.url
Filesize
97B

MD5
cd0a61d98969279d5726bfe656429ef4

SHA1
37fcfab8293e7d41361394ae8a827f6416b77515

SHA256
1106d3ae302e51bd55b0fa50a5befd555d0919576831d0e821daefa717b7019b

SHA512
d1ad1422d284942d0dbdf5b823cf30f705501c67244f920ddd50416de7783d7b779c1ccb0ee5452f484f5d43ff380ed255a2c30649ed4289efbac5b0b80331f1

Download Submit
C:\Users\Admin\Favorites\MSN Websites\VANCL ·²¿Í³ÏÆ·.url
Filesize
63B

MD5
c772d95f3921ad2b5cd7e591daf41bb2

SHA1
eb4d2cbe38be7fe0aded05266e1186b06281be4e

SHA256
ca07aa59518c6eacf0e572980d27d9f0fbfb6a07c390114002c35f0f4fafd555

SHA512
1d0b7b43a500d7f7f75f62bb8dd3c3f505f0b97f00d7fa8f077648461ed4ccaa1773711c118566a6caea9d2c1eab9e83b851361de7622ab2a6e173e86431b46b

Download Submit
C:\Users\Admin\Favorites\MSN Websites\XpÏµÍ³ÏÂÔØ.url
Filesize
54B

MD5
f34737c4f0c4fdb889e074ca99c25368

SHA1
5a9d9c9c4126fa806240046f22d1786a2991715d

SHA256
24f3957dacf5651ffc813986e8ac169607f7588da8ec94a2b524a877decbd480

SHA512
919225d77fbebe711a173566f159d5dcfbc13e6939ea913f87b150bd5950680aa8296c03e8580f48dae527890bf259d7a9071245af0bfa45997d454ad0ddd0dc

Download Submit
C:\Users\Admin\Favorites\MSN Websites\°ÅÀÌÔ±¦·µÀû.url
Filesize
52B

MD5
feb809ab6e61d75e1bb8a241e11385e8

SHA1
12a71885798109dea55771e53358606d2a0c4b56

SHA256
0d80613e892f32c5c09acd87cfdba76512987eac5320d07bdf40ad1afacdbdc4

SHA512
6e8b3ec1ac1e34191666bd0c84438cf089a230a1a17a3b180172615a5019097c1d59d284291a9d8877edb310a0f5e64fd0897232f89eb303506af94d549ef207

Download Submit
C:\Users\Admin\Favorites\MSN Websites\µ±µ±ÍøÉÏÉÌ³Ç.url
Filesize
131B

MD5
27de099ce4510609d75617971251ed1b

SHA1
3a7846070baa7e4e06d95193eabf395e4933c238

SHA256
55a0bc5d42f71e47faba9ea96a43a5e417ce335bd289bba8a1379466b9913bce

SHA512
1cfeffb282a6d5de6672ba191722e4f909ffe775d124d6d01205103b3ee2e3f12052e039a6aa5be5f1e6f1d6e7ce8f694f3ded3964ef01a66f05a0109e0c5e71

Download Submit
C:\Users\Admin\Favorites\MSN Websites\ÌÔ±¦»Ê¹ÚµêÆÌ´óÈ«.url
Filesize
100B

MD5
2584d6cfc29621552b28f0905fdba7f8

SHA1
a2fb6de408e519e71883974e0e3191d5f5e58949

SHA256
1a7771485a51404fce51f453ab0e4532a0674a26ac7e305d9992ba6f3daacccf

SHA512
85bf76dd1e0d4caa19713ebca259153f33511f9712a7bea97c708f526316fc2604ceba98d130404bb9dc28c0d60cfa4c3f89899e21e88579aa1e7dee4ff70dc3

Download Submit
C:\Users\Admin\Favorites\MSN Websites\ÌÔ±¦Å®ÈËÆµµÀ.url
Filesize
95B

MD5
a866782554710ef7e69bb381fb5bd7bd

SHA1
922ab6f615ae84165e084d58345515be1ad81a9d

SHA256
69e3df75ac1833490ed17a88e9fbda30301e6d18499397cfefbe6e3b2ac6d78a

SHA512
57ec15586e869d12e5fc343bca8f65cae1f65482b6655fdd01b395f289641855c17a89bbf03befde18ad190c137bcc165f86e5f17b780dc3bf38b6419a4131c3

Download Submit
C:\Users\Admin\Favorites\MSN Websites\ÌÔ±¦ÉÌ³Ç.url
Filesize
105B

MD5
bc9250c5a3210f2db2391cbec1f33f74

SHA1
4c3aeb7f8c73081a3bfe8299f07ca431e18d68ab

SHA256
7d54dcdcd48c6dd7f8138ac21f7b9a4b8a1dd3fafa1bd8947982ce908120f845

SHA512
d5ba01669542a7e0bc913d211a81651fb6d2228f42123fc4727c2da531ae75a96509e26bbd6ae251d6eaae4be49fc16a2aafe0f370617d8f71855bc965a395bf

Download Submit
C:\Users\Admin\Favorites\MSN Websites\ÍøÖ·´óÈ«.url
Filesize
48B

MD5
181686fb05f3abd9c7adea860e5f8131

SHA1
43188041be0d74503e22ac42771c7ec7b7e94907

SHA256
64efb9a71ce40259dad8cc393188f05e36804829551a4fdc1656d736af197eef

SHA512
b8943bf08a45d531f712f227ae934c5ac6fa9d71d03558bc9eac30e45e7c51e2f6ee81b4004200f331957cdeaf45af78f1c874dc4b4c42ca8bd53908c6f89753

Download Submit
C:\Users\Admin\Favorites\MSN Websites\×¿Ô½ÍøÉÏÉÌ³Ç.url
Filesize
162B

MD5
2ce9d605c8cb62c08b90f07930df170a

SHA1
2780c34d620ed793133c0635dc050371fc048498

SHA256
8c313420a0b779d32016d4d8120a361d2106e218dcef597c80af7b81efc48b5d

SHA512
20598be8e77e8ad45bb123ab0f2a63b075ee4594b363d9f564101c8cc9a0374329a36e784b6cac191815b529fe498c9782cecdeb5b15a124a5864a7d52ad4823

Download Submit