Overview

overview

7

Static

static

3

2c3624b1dc...55.dll

windows7-x64

7

2c3624b1dc...55.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/06/2024, 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c3624b1dc2d67d7c2d140b9c8a4a0a27f579c6c6093deec1ae6ee0fc7affe55.dll

  • Size

    724KB

  • MD5

    a8ea0f9cd8f0443d95a469a21917cd2e

  • SHA1

    6dff61cae0cb97e9f9258d994f4a606f41fd1e97

  • SHA256

    2c3624b1dc2d67d7c2d140b9c8a4a0a27f579c6c6093deec1ae6ee0fc7affe55

  • SHA512

    a3a0a3f3c9b5f9e12e06712c0662b2dc01cda824bd795d09de679f42b7ec68c3a6201f2c946dba5018e0ba340bad85e78546a7292f2b864822a89a7d8af38085

  • SSDEEP

    6144:Zi05kH9OyU2uv5SRf/FWgFgtBgqIRAUW9kVYeVprU4wfhTv5xD2ZP0GVGdXcukT4:8rHGPv5Smpt6DmUWuVZkxikdXcq

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies registry class 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c3624b1dc2d67d7c2d140b9c8a4a0a27f579c6c6093deec1ae6ee0fc7affe55.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2812
  • C:\Windows\system32\ApplicationFrameHost.exe
    C:\Windows\system32\ApplicationFrameHost.exe
    1⤵
      PID:3904
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\5mcFSL.cmd
      1⤵
        PID:532
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c schtasks.exe /Delete /F /TN "User_Feed_Synchronization-{3a9698a7-8b59-5789-8186-33aeee771cee}"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2036
        • C:\Windows\system32\schtasks.exe
          schtasks.exe /Delete /F /TN "User_Feed_Synchronization-{3a9698a7-8b59-5789-8186-33aeee771cee}"
          2⤵
            PID:2468
        • C:\Windows\system32\rundll32.exe
          C:\Windows\system32\rundll32.exe
          1⤵
            PID:2652
          • C:\Windows\system32\WerFaultSecure.exe
            C:\Windows\system32\WerFaultSecure.exe
            1⤵
              PID:4736
            • C:\Windows\System32\cmd.exe
              "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\zHz.cmd
              1⤵
              • Drops file in System32 directory
              PID:2188
            • C:\Windows\System32\fodhelper.exe
              "C:\Windows\System32\fodhelper.exe"
              1⤵
              • Suspicious use of WriteProcessMemory
              PID:2600
              • C:\Windows\system32\cmd.exe
                "C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\6Uy.cmd
                2⤵
                • Suspicious use of WriteProcessMemory
                PID:3372
                • C:\Windows\system32\schtasks.exe
                  schtasks.exe /Create /F /TN "Niazd" /SC minute /MO 60 /TR "C:\Windows\system32\4976\WerFaultSecure.exe" /RL highest
                  3⤵
                  • Creates scheduled task(s)
                  PID:508

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\5mcFSL.cmd
              Filesize

              240B

              MD5

              ffc18655929d71bd0ade618e46dfa527

              SHA1

              9f68e28eeecc6ccd55c1f718b675bb74c13815db

              SHA256

              1a878e94a562396c61c73e1e00313f96842dc6c4918f8236c1255bb72b062894

              SHA512

              efcf2aee800c33eeb6d39fab799d0796aaa0af761bce12d6fd9541eb7e7545b21bc6f84f047ac77820d7d1f24d0eff3cdf33ca5736d6727d009ba989f4301500

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\6Uy.cmd
              Filesize

              130B

              MD5

              95673818c20ee1034e9a4523e38771d9

              SHA1

              c278c57a995a8e65b9a94653885e853a903b5438

              SHA256

              59d5914b3e906ad661b4cea62252297be80ce20b281cf804f8a4968774a57f23

              SHA512

              228604ddcd4ef1c321b01cf53effe6933e8d5b74828830fb7f71120b08d753484b72ad210448c46855597a35b5fa4cc6c5aec5c26d9eea749ce3d977c8c3a691

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\ez963CB.tmp
              Filesize

              728KB

              MD5

              945cfac2e77317b0924447a1b1e75bef

              SHA1

              d281f9f87e4b3a1356fa129b9aa8c61cccf52f09

              SHA256

              094c27836edf1521aa5e6d642b88b5b66d7c507a1ae32794491d1a3d71da8e07

              SHA512

              3d3dae6a26aac0f346ebef7f18e3e55fa93aee4878bd3bbb03a6478e84554994a60279e3f0adbb6c213c65847df8972a2688658484745bda72a33358e704cde4

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\haZ6533.tmp
              Filesize

              732KB

              MD5

              fa4a19fc9642997cdda43328b862d217

              SHA1

              c8be840c5f74a1051993d8228a3e1db42f5445dc

              SHA256

              4e2830e31faf49e33cc94c0154aa9945825e9fd09de5240665d48a3f2ad2813a

              SHA512

              e1b14ce08782b1861c3149a2fcf234c33093c0e2cb1d589bb8b1886e291d07b72e2a2fb9c9e4545e2442dc64a4da9fdbb85106b5d148884ffc72a3e60738b521

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\zHz.cmd
              Filesize

              197B

              MD5

              674e4e1e5e4670bd54b1e7584b8023b6

              SHA1

              38aa0f95c16c2f9c08b9a405ca8ba16ee2057bb7

              SHA256

              3fad3ef059dfe32c655aefb0c29783d7463b2ce21711023ba5fbbc9f1503f08e

              SHA512

              2e99917c0f7eb510ec6a9fc8f37ec415e437f6778dbfa54db5ae02876e8bd4d96a34564122d68a46704196e8537cc3f65b4b783a7594b10e9b404fde72897282

              Download Submit

            • C:\Users\Admin\AppData\Roaming\BfjB7\ApplicationFrameHost.exe
              Filesize

              76KB

              MD5

              d58a8a987a8dafad9dc32a548cc061e7

              SHA1

              f79fc9e0ab066cad530b949c2153c532a5223156

              SHA256

              cf58e424b86775e6f2354291052126a646f842fff811b730714dfbbd8ebc71a4

              SHA512

              93df28b65af23a5f82124ba644e821614e2e2074c98dbb2bd7319d1dfe9e2179b9d660d7720913c79a8e7b2f8560440789ad5e170b9d94670589885060c14265

              Download Submit

            • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Iphtcfjrejti.lnk
              Filesize

              968B

              MD5

              675e64c306a030861493cef030647852

              SHA1

              59c2a245445a7103d00c46307473f415eb4db294

              SHA256

              de545b01a7d8ed901d6a95d96918f69ab957903bb230cf434d3fbf618e98d760

              SHA512

              f32b440ed229c2941a3e57a3746b3997a6f758c422a9ac9dc010567fe97d54fe4e359e2b62a87e6eb751ea7d610359633166156b4b14507611f86c1345501478

              Download Submit

            • memory/2812-2-0x0000020CF2DB0000-0x0000020CF2DB7000-memory.dmp

              Filesize

              28KB

              Download

            • memory/2812-1-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/2812-6-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-26-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-20-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-54-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-33-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-19-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-16-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-43-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-41-0x0000000000590000-0x0000000000597000-memory.dmp

              Filesize

              28KB

              Download

            • memory/3404-3-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3404-25-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-24-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-23-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-22-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-47-0x00007FF85FE60000-0x00007FF85FE70000-memory.dmp

              Filesize

              64KB

              Download

            • memory/3404-18-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-15-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-14-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-13-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-12-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-11-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-10-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-9-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-8-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-21-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-7-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-17-0x0000000140000000-0x00000001400B5000-memory.dmp

              Filesize

              724KB

              Download

            • memory/3404-5-0x00007FF85E32A000-0x00007FF85E32B000-memory.dmp

              Filesize

              4KB

              Download