Analysis
- max time kernel: 92s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-05-2024 16:01
Behavioral task: behavioral1
- Sample: b77f3cc05093b680198f0ccb7612f4435e6e9fff02163fb41e9a371cc8b6c077.dll
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: b77f3cc05093b680198f0ccb7612f4435e6e9fff02163fb41e9a371cc8b6c077.dll
- Resource: win10v2004-20240426-en
General
- Target: b77f3cc05093b680198f0ccb7612f4435e6e9fff02163fb41e9a371cc8b6c077.dll
- Size: 9KB
- MD5: 8e17c1a803e783fa27d146cbe2305465
- SHA1: 51092efbca4432c240dc25c9904bf6e197481050
- SHA256: b77f3cc05093b680198f0ccb7612f4435e6e9fff02163fb41e9a371cc8b6c077
- SHA512: bdb732c5502ad399aa3b71a10cd994aa83e050e3c723bc9f008721842cf1b0c35f281dd01ff4742d147e4fc459e39e13efe54652d563fc029064f0f4abd5d4d2
- SSDEEP: 48:q0r+l6O5aXyn/hNhx4/jC/VuJoEpIEq185pI732Zr4yb0E:dX0gJIvypamZk
Malware Config
Extracted
- metasploit
- windows/download_exec
- http://8.141.95.164:48049/MiZL
- headers: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENXA)
Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of SetThreadContext (1 IoC)
  Processes: rundll32.exe
  description: PID 3476 set thread context of 4908 | pid: 3476 | process: rundll32.exe | target process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description: PID 3476 wrote to memory of 4908 | pid: 3476 | process: rundll32.exe | target process: rundll32.exe
  description: PID 3476 wrote to memory of 4908 | pid: 3476 | process: rundll32.exe | target process: rundll32.exe
  description: PID 3476 wrote to memory of 4908 | pid: 3476 | process: rundll32.exe | target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b77f3cc05093b680198f0ccb7612f4435e6e9fff02163fb41e9a371cc8b6c077.dll,#1
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe
Network
MITRE ATT&CK Matrix
Downloads
- memory/4908-0-0x000001B885AA0000-0x000001B885AA1000-memory.dmp (Filesize: 4KB)