Overview

overview

10

Static

static

10

da6a04e55e...2c.dll

windows7-x64

8

da6a04e55e...2c.dll

windows7-x64

8

da6a04e55e...2c.dll

windows10-1703-x64

8

da6a04e55e...2c.dll

windows10-2004-x64

8

da6a04e55e...2c.dll

windows11-21h2-x64

8

Resubmissions

17-04-2024 09:04

240417-k1zmzaca81 10

17-04-2024 09:02

240417-kzr7haca6x 10

17-04-2024 09:02

240417-kzrkzaca6v 10

17-04-2024 09:02

240417-kzqzfaae49 10

17-04-2024 09:02

240417-kzqcxaae48 10

17-04-2024 09:02

240417-kzprdaae46 10

16-04-2024 14:04

240416-rdht9sdd9w 10

Analysis

  • max time kernel
    600s
  • max time network
    598s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-04-2024 09:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da6a04e55e07cfd3c541c340e945c4dad38ac8d414d38dadd3f406f9c954652c.dll

  • Size

    30KB

  • MD5

    b950169921d1437cef4a85778cd81636

  • SHA1

    3d20b1c6f93029ab557819efd1f32afc25ac1e88

  • SHA256

    da6a04e55e07cfd3c541c340e945c4dad38ac8d414d38dadd3f406f9c954652c

  • SHA512

    d0b87c1a119ba712c8b85fcb442286133320ec03df589276106987f2947ebbc603dfabaad7e2efbec4998067ef508f1c12bbc5a54502097665315a7b9ba9cf70

  • SSDEEP

    768:Ugj98hSEzIOxO+OZWBaFWsBC7wU6LPLoEf73Wud9BdoJrZmZEMb+:Z0IOxO+OZWBGWsB+w93L39BdoD

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 64 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\da6a04e55e07cfd3c541c340e945c4dad38ac8d414d38dadd3f406f9c954652c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\da6a04e55e07cfd3c541c340e945c4dad38ac8d414d38dadd3f406f9c954652c.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:4452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads