Overview

overview

10

Static

static

10

TotalAV.exe

windows7-x64

4

TotalAV.exe

windows10-2004-x64

4

$APPDATA/T...bb.dll

windows7-x64

1

$APPDATA/T...bb.dll

windows10-2004-x64

1

$APPDATA/T...re.dll

windows7-x64

3

$APPDATA/T...re.dll

windows10-2004-x64

3

$APPDATA/T...to.dll

windows7-x64

1

$APPDATA/T...to.dll

windows10-2004-x64

1

$APPDATA/T...id.dll

windows7-x64

1

$APPDATA/T...id.dll

windows10-2004-x64

1

$APPDATA/T...mu.dll

windows7-x64

1

$APPDATA/T...mu.dll

windows10-2004-x64

1

$APPDATA/T...xp.dll

windows7-x64

1

$APPDATA/T...xp.dll

windows10-2004-x64

1

$APPDATA/T...en.dll

windows7-x64

1

$APPDATA/T...en.dll

windows10-2004-x64

1

$APPDATA/T...lp.dll

windows7-x64

1

$APPDATA/T...lp.dll

windows10-2004-x64

1

$APPDATA/T...ur.dll

windows7-x64

1

$APPDATA/T...ur.dll

windows10-2004-x64

1

$APPDATA/T...nf.dll

windows7-x64

1

$APPDATA/T...nf.dll

windows10-2004-x64

1

$APPDATA/T...ml.dll

windows7-x64

1

$APPDATA/T...ml.dll

windows10-2004-x64

1

$APPDATA/T...le.dll

windows7-x64

1

$APPDATA/T...le.dll

windows10-2004-x64

1

$APPDATA/T...ce.dll

windows7-x64

1

$APPDATA/T...ce.dll

windows10-2004-x64

1

$APPDATA/T...ck.dll

windows7-x64

1

$APPDATA/T...ck.dll

windows10-2004-x64

1

$APPDATA/T...dl.dll

windows7-x64

1

$APPDATA/T...dl.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-05-2024 17:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $APPDATA/TotalAV/updates/SAVAPI 8.0.0/aebb.dll

  • Size

    70KB

  • MD5

    f81983581bdb64f2b9234ad881b9c7c1

  • SHA1

    a12e1674498d3859f5e867d1c958b3a72047bf62

  • SHA256

    cbcf727bb8b75864509ca1c7d68d4ef51d64a18b15b3e1145f94cd50f29746cc

  • SHA512

    03fa42f9fc249be0c2269a076ec95b50e7d323587f5b1b4325549dd010eb2500b0ef8713d1e40c99a6de89abf30a3fc8a01b2d9f77bf224b5a51b2826bb53754

  • SSDEEP

    768:9YYeKlKHPrmWYGQvredEzQiWidVtj44H6Kd3SVI2HAK2P3hh+:3PGQvrd5LtxHZcHgKW3hh+

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\$APPDATA\TotalAV\updates\SAVAPI 8.0.0\aebb.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\$APPDATA\TotalAV\updates\SAVAPI 8.0.0\aebb.dll",#1
      2⤵
        PID:3140

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads