d16dddc1e9ad69c5ef67afd93eb801c74ca5b95ec8b46741786c8c8ec47b1b1d

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

heur002.dll
Size

117KB
MD5

ee21fd7fa9a45453ed55ccb7ce7b9aaa
SHA1

335d0f3bad37dfc77cafa85b2f56c27688e64e7d
SHA256

1f6a5cd4ec1e361925b80b7b4f18b77ff70f0d27d5f6bc043f605363f1f2ef05
SHA512

d8c244c3f188a9a348cf32f1982fe4a7ff7c5a21e45ef8a5a69033b7287fd1b83bf83de2659f9cdcd516e4bef17d84cec2f0a0abcb59108127f2c2ab771f865d
SSDEEP

3072:p0WzeOMDsoAwOSxoPMVsf0nQla8vxgs2N+r3rYF:uWq/DsRgPvSCsDr3r

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 3 IoCs

Processes:

rundll32.exe

description	ioc	process
File opened for modification	C:\Windows\Nail.exe	rundll32.exe
File created	C:\Windows\Nail.txt	rundll32.exe
File created	C:\Windows\Nail.exe	rundll32.exe

Modifies registry class 3 IoCs

Processes:

rundll32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4596 wrote to memory of 4260	4596	rundll32.exe	rundll32.exe
PID 4596 wrote to memory of 4260	4596	rundll32.exe	rundll32.exe
PID 4596 wrote to memory of 4260	4596	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\heur002.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4596

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\heur002.dll,#1
2⤵
- Drops file in Windows directory
- Modifies registry class
PID:4260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Nail.txt
Filesize
1024B

MD5
abf0c43719ac7e4068ff74bde73f1583

SHA1
fae92f9de480ce3453d79b0422b62d4e8471da3e

SHA256
b2d2fecad8f7240814dc4364708825e771342acb072bad3ba2e38e1c79e4e4dd

SHA512
b2d5deea7cb115f2c7c2382e903cde39fb70890af227af128aa7dca69a17398b619134fc9ffbdef11f0d86e609173eef85d2263ece1d581b5c97507596a0f791

Download Submit
memory/4260-16-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/4260-7-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/4260-14-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/4260-8-0x0000000000DD0000-0x0000000000DD1000-memory.dmp

Filesize
4KB

Download
memory/4260-13-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/4260-6-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/4260-5-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

Filesize
4KB

Download
memory/4260-4-0x0000000000DB0000-0x0000000000DB1000-memory.dmp

Filesize
4KB

Download
memory/4260-3-0x0000000000DC0000-0x0000000000DC1000-memory.dmp

Filesize
4KB

Download
memory/4260-2-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/4260-17-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/4260-12-0x0000000000E20000-0x0000000000E21000-memory.dmp

Filesize
4KB

Download
memory/4260-18-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/4260-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/4260-1-0x0000000000C30000-0x0000000000C5C000-memory.dmp

Filesize
176KB

Download
memory/4260-9-0x0000000000DF0000-0x0000000000DF1000-memory.dmp

Filesize
4KB

Download
memory/4260-19-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/4260-11-0x0000000000E00000-0x0000000000E01000-memory.dmp

Filesize
4KB

Download
memory/4260-15-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/4260-20-0x0000000000EA0000-0x0000000000EA1000-memory.dmp

Filesize
4KB

Download
memory/4260-26-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/4260-29-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/4260-10-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/4260-28-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/4260-27-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

Filesize
4KB

Download
memory/4260-25-0x0000000000ED0000-0x0000000000ED1000-memory.dmp

Filesize
4KB

Download
memory/4260-24-0x0000000000EB0000-0x0000000000EB1000-memory.dmp

Filesize
4KB

Download
memory/4260-23-0x0000000000EC0000-0x0000000000EC1000-memory.dmp

Filesize
4KB

Download
memory/4260-33-0x0000000000C30000-0x0000000000C5C000-memory.dmp

Filesize
176KB

Download