Overview

overview

7

Static

static

3

4ccdca68c2...18.exe

windows7-x64

7

4ccdca68c2...18.exe

windows10-2004-x64

7

$EXEFILE.exe

windows7-x64

1

$EXEFILE.exe

windows10-2004-x64

1

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/$EXEFILE.exe

windows7-x64

1

$TEMP/$EXEFILE.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/Banner.dll

  • Size

    4KB

  • MD5

    fcca36e21ca7c4ecfc29f6804acbd76b

  • SHA1

    2f1972d5a0ec8377e043b9b304e62c24c6c38506

  • SHA256

    de59710bad95741c41e608f946d9eb4edacdf73ab92a1a3341f8a160b8952c66

  • SHA512

    1885aaf379e6547e519a65751d192beb9f078d63f056886cbcdae75f37f12bf8e89c98fa3c45aa60967e19ba51329a8384cf7a64d851ab10b648b17daf9b175e

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Banner.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Banner.dll,#1
      2⤵
        PID:2504

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads