Analysis

  • max time kernel
    133s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-06-2024 03:59

General

  • Target

    80000.dll

  • Size

    66KB

  • MD5

    400439a05c61cfd61625749a7f1fd8f1

  • SHA1

    8f5b0e02f9c6ff5547410e45554996fb64df7002

  • SHA256

    0abbe08ec50615e8c1e87192d61b1419e7780251a035e72ffd92e0c6cde60ca2

  • SHA512

    2b05470280fde4fecda63035fa397798ae6b18f529a634040282ae9f8969ddaea488662e9f17848db0443b0ce99aa35bd43e01ddaa295c81629c95ac06514beb

  • SSDEEP

    1536:i1CNFN96i6NI7q8U3gW6v/0DNHUYbLOyZeZjOdfJxFwKW01uGR/xOi7OCBKzR9dT:i1C3NSeW8UF+hT

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\80000.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:772
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\80000.dll,#1
      2⤵
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\.txt
        3⤵
          PID:2788
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 1012
          3⤵
          • Program crash
          PID:5076
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1940 -ip 1940
      1⤵
        PID:3712

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\.txt

    Filesize

    48B

    MD5

    43382e1f053304855e9320c71ed3b6cd

    SHA1

    a7df410c7cd79bfe9a8fe980226f979d2330a5f9

    SHA256

    8d4dc3adb1c650cbcd8d6bca245083be6b4949dc74c19b5630391caf44bd0d5d

    SHA512

    b1cc79429cdec123435de38cd5ebb4f106239167f1d2d490df555443f73351ccdc262e2c0618cd8b6fc430dd30b9f74c96590cb03c7ef72fb90eeef53532ad41