Analysis

  • max time kernel
    138s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 03:59

General

  • Target

    80000.dll

  • Size

    66KB

  • MD5

    400439a05c61cfd61625749a7f1fd8f1

  • SHA1

    8f5b0e02f9c6ff5547410e45554996fb64df7002

  • SHA256

    0abbe08ec50615e8c1e87192d61b1419e7780251a035e72ffd92e0c6cde60ca2

  • SHA512

    2b05470280fde4fecda63035fa397798ae6b18f529a634040282ae9f8969ddaea488662e9f17848db0443b0ce99aa35bd43e01ddaa295c81629c95ac06514beb

  • SSDEEP

    1536:i1CNFN96i6NI7q8U3gW6v/0DNHUYbLOyZeZjOdfJxFwKW01uGR/xOi7OCBKzR9dT:i1C3NSeW8UF+hT

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\80000.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\80000.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\.txt
        3⤵
        PID:2504

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\.txt

    Filesize

    48B

    MD5

    43382e1f053304855e9320c71ed3b6cd

    SHA1

    a7df410c7cd79bfe9a8fe980226f979d2330a5f9

    SHA256

    8d4dc3adb1c650cbcd8d6bca245083be6b4949dc74c19b5630391caf44bd0d5d

    SHA512

    b1cc79429cdec123435de38cd5ebb4f106239167f1d2d490df555443f73351ccdc262e2c0618cd8b6fc430dd30b9f74c96590cb03c7ef72fb90eeef53532ad41