Overview

overview

8

Static

static

3

dino.dll

windows7-x64

3

dino.dll

windows10-2004-x64

3

launcher.bat

windows7-x64

8

launcher.bat

windows10-2004-x64

8

Resubmissions

05-04-2024 15:10

240405-skcr9sfc7s 8

20-12-2023 19:03

231220-xqn5psdhhm 8

Analysis

  • max time kernel
    131s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-04-2024 15:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    launcher.bat

  • Size

    87B

  • MD5

    864189b29e0ee9338690f34f60d9ed61

  • SHA1

    2f130b692da72031ca0089894b84d716319c3b9a

  • SHA256

    6887bbcea8d76ccb3cdf324d5a7b0feea4a7bbc17e4c05c9e7e07c735ba565a4

  • SHA512

    957853c8a9a67d0555ddeb3981440d9709ff2762a4e4ae7cf48bc2a8a4cb9304154b696411ea4a521871b8322bdb433fd36988e230b91d1656f6c0c8488abafb

Score
8/10
dave

Malware Config

Signatures

  • Blocklisted process makes network request 12 IoCs
  • Dave packer 1 IoCs

    Detects executable using a packer named 'Dave' by the community, based on a string at the end.

    dave
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 21 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\launcher.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Windows\system32\rundll32.exe
      rundll32.exe dino.dll ADMISSIONS_get0_admissionAuthority
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe dino.dll ADMISSIONS_get0_admissionAuthority
        3⤵
        • Blocklisted process makes network request
        • Checks processor information in registry
        PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2680-2-0x0000000002060000-0x0000000002436000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2680-0-0x0000000002440000-0x0000000002818000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2680-5-0x0000000002820000-0x0000000002BFF000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2680-13-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-14-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-15-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-16-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-17-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-18-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-19-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-20-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-21-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-22-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-23-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-25-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-26-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-34-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-39-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download

  • memory/2680-42-0x0000000002FD0000-0x00000000037DA000-memory.dmp

    Filesize

    8.0MB

    Download