Overview

overview

10

Static

static

10

fcadf0a0a2...9d.exe

windows7-x64

7

fcadf0a0a2...9d.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

7z/7z.dll

windows7-x64

1

7z/7z.dll

windows10-2004-x64

1

7z/7z.exe

windows7-x64

1

7z/7z.exe

windows10-2004-x64

1

CalcHashAB.dll

windows7-x64

1

CalcHashAB.dll

windows10-2004-x64

3

Extxml2.dll

windows7-x64

3

Extxml2.dll

windows10-2004-x64

3

FatOperate.dll

windows7-x64

3

FatOperate.dll

windows10-2004-x64

3

FileHash.dll

windows7-x64

1

FileHash.dll

windows10-2004-x64

3

Initialize.dll

windows7-x64

6

Initialize.dll

windows10-2004-x64

6

LibSearchFileName.dll

windows7-x64

1

LibSearchFileName.dll

windows10-2004-x64

1

NamePipe.dll

windows7-x64

3

NamePipe.dll

windows10-2004-x64

3

NtfsOperate.dll

windows7-x64

1

NtfsOperate.dll

windows10-2004-x64

1

RecoveryPhoto.dll

windows7-x64

1

RecoveryPhoto.dll

windows10-2004-x64

3

SaveOperate.dll

windows7-x64

1

SaveOperate.dll

windows10-2004-x64

1

SoftwareLog.dll

windows7-x64

1

SoftwareLog.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-04-2024 02:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SaveOperate.dll

  • Size

    89KB

  • MD5

    9d7cca6ddfaf6e5353200b07365a474e

  • SHA1

    dba1e692f8d30abb9ef2e41a0a330701a3610555

  • SHA256

    ee37569f18268ad3189867f076fd2b3f9dcf016cdca92ad6a80f7798ac3e3f5d

  • SHA512

    456dcca23d3515c4f7517357086e7ee3ef5b0f9aadc399824c5a12de27c292c7e1739d49f43a24cfca3aa1f5b4bfc456d898aa9068f4550698e009fdbad7934a

  • SSDEEP

    768:uXc8P4o00m+CusjIlenL3iVay4lJLIhTozIo37PNW1zuageMU4p2FIvSR6uE6RMh:qci4N+COK2Vah+ToqqFL6RWovnFkKBi

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\SaveOperate.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\SaveOperate.dll,#1
      2⤵
        PID:2376

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads