b792a3a2b46072f6c0ef11cc0e0b4366af25a4a43e5a94476b6e387e765a1e25

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1900e1e64c730073c74c7bd72ef8f3e.dll
Size

176KB
MD5

e1900e1e64c730073c74c7bd72ef8f3e
SHA1

f2a2faf02d532bf9f2c209d349c580f4525ad19a
SHA256

b792a3a2b46072f6c0ef11cc0e0b4366af25a4a43e5a94476b6e387e765a1e25
SHA512

9256d304e6cfb52a070276d026eb86eec713fa6054092e9d977a5b734f240cc8d767f7f1117347fe4c50f516736339e34839d7614fd603eef4d4a797e1cd0722
SSDEEP

3072:Kt5X/FnNDIwTweBhNZAxdJIeQ7hqrw1o98PsMBv3MCmJpJTJOO:Kth9DfKx/8GcsMBvMCmJppIO

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 1792	2680	rundll32.exe	84
PID 2680 wrote to memory of 1792	2680	rundll32.exe	84
PID 2680 wrote to memory of 1792	2680	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1900e1e64c730073c74c7bd72ef8f3e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1900e1e64c730073c74c7bd72ef8f3e.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1792-0-0x0000000067000000-0x0000000067037000-memory.dmp

Filesize
220KB

Download
memory/1792-1-0x00000000021B0000-0x00000000021F2000-memory.dmp

Filesize
264KB

Download
memory/1792-2-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1792-5-0x00000000757D0000-0x0000000075A54000-memory.dmp

Filesize
2.5MB

Download
memory/1792-4-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/1792-9-0x0000000076520000-0x000000007659A000-memory.dmp

Filesize
488KB

Download
memory/1792-10-0x0000000076520000-0x000000007659A000-memory.dmp

Filesize
488KB

Download
memory/1792-12-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/1792-11-0x00000000023D0000-0x00000000023D3000-memory.dmp

Filesize
12KB

Download
memory/1792-13-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/1792-7-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/1792-15-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/1792-25-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/1792-33-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/1792-35-0x00000000757D0000-0x0000000075A54000-memory.dmp

Filesize
2.5MB

Download
memory/1792-34-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/1792-37-0x00000000757D0000-0x0000000075A54000-memory.dmp

Filesize
2.5MB

Download
memory/1792-39-0x0000000076520000-0x000000007659A000-memory.dmp

Filesize
488KB

Download
memory/1792-41-0x0000000076520000-0x000000007659A000-memory.dmp

Filesize
488KB

Download
memory/1792-43-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/1792-44-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/1792-42-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/1792-40-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/1792-38-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/1792-36-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/1792-32-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/1792-31-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/1792-30-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/1792-29-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1792-28-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/1792-27-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/1792-26-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/1792-24-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/1792-23-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/1792-22-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/1792-21-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/1792-20-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/1792-19-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/1792-18-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/1792-17-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/1792-16-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/1792-14-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1792-8-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1792-6-0x00000000757D0000-0x0000000075A54000-memory.dmp

Filesize
2.5MB

Download
memory/1792-3-0x00000000007B0000-0x00000000007B1000-memory.dmp

Filesize
4KB

Download
memory/1792-45-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads