Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 18:38

General

  • Target

    $TEMP/diaeresis.dll

  • Size

    10KB

  • MD5

    51921a259471561b82e7b37b08cac3a5

  • SHA1

    a3d991d42e1861f4db64438969116771bc8dbb81

  • SHA256

    32dc82dd46ca4e4937b9f3c31988dde9cd1cfd4c907798d942b13394169f1bf6

  • SHA512

    2446084e48688f37e60116c734dc9c8172e3692b2dde6e915c35f89bed7c383c4c62516680b4a701f3a8d29bcfdf7418f9846c302d4a64f042aabe000b07aa7a

  • SSDEEP

    192:dWRKKJtAvnh/W+z0DPlZ8GRSkmBxu22HypO00XX:dwJtAf70pRgxdJO00XX

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\diaeresis.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\diaeresis.dll,#1
      2⤵
      • Drops file in Windows directory
      PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\win.ini

    Filesize

    517B

    MD5

    893cae59ab5945a94a7da007d47a1255

    SHA1

    d4cfd81c6647ca64022bd307c08a7fb4bbbd4c06

    SHA256

    edfa0f2d3bea9f737e0315971c6f81d3d8e7d460b60a19351ada0316a093c938

    SHA512

    d66e454781f54f45df814ad32d687b0f100578c2a4ffca62de81add04281fb881a550702bd2d058933d3736d14e88624af268a86ce24b0c3935242b206ffdcc9

  • memory/1256-0-0x00000000001B0000-0x00000000001B7000-memory.dmp

    Filesize

    28KB

  • memory/1256-6-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

  • memory/1256-7-0x0000000000190000-0x0000000000191000-memory.dmp

    Filesize

    4KB