Overview

overview

7

Static

static

3

f3870c7bcc...2e.dll

windows7-x64

7

f3870c7bcc...2e.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    04/06/2024, 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f3870c7bccef24b6ab81dc2b9fb02cddb4f342d90e6741f7c6c172d50632262e.dll

  • Size

    536KB

  • MD5

    dbed1c7f019b05f4903e705ba5df5e68

  • SHA1

    38ea40f461e50bdc259dbaeec1f1706ed9e32c9d

  • SHA256

    f3870c7bccef24b6ab81dc2b9fb02cddb4f342d90e6741f7c6c172d50632262e

  • SHA512

    44e8b4e967c58cb071ecef0114c1e78397c3f32991450bfd8065a7d6201e0a9f621b642bb72ffb6c81ff300705a1bf44792a16bc9a2a68194b9b88d466d30769

  • SSDEEP

    6144:Ci05kH9OyU2uv5SRf/FWgFgtBgqIRAUW9kVYeVprU4wfhTv5xD2ZP0GVGdXcukT4:trHGPv5Smpt6DmUWuVZkxikdXcq

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f3870c7bccef24b6ab81dc2b9fb02cddb4f342d90e6741f7c6c172d50632262e.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2352
  • C:\Windows\system32\wbengine.exe
    C:\Windows\system32\wbengine.exe
    1⤵
      PID:1940
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\uuzYT.cmd
      1⤵
        PID:2636
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c schtasks.exe /Delete /F /TN "User_Feed_Synchronization-{af200ed5-1aeb-7147-dc8f-85fa319e0b86}"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:3004
        • C:\Windows\system32\schtasks.exe
          schtasks.exe /Delete /F /TN "User_Feed_Synchronization-{af200ed5-1aeb-7147-dc8f-85fa319e0b86}"
          2⤵
            PID:404
        • C:\Windows\system32\TapiUnattend.exe
          C:\Windows\system32\TapiUnattend.exe
          1⤵
            PID:2796
          • C:\Windows\system32\TSTheme.exe
            C:\Windows\system32\TSTheme.exe
            1⤵
              PID:2828
            • C:\Windows\system32\notepad.exe
              C:\Windows\system32\notepad.exe
              1⤵
                PID:2844
              • C:\Windows\System32\cmd.exe
                "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\bPu0.cmd
                1⤵
                • Drops file in System32 directory
                PID:2972
              • C:\Windows\System32\eventvwr.exe
                "C:\Windows\System32\eventvwr.exe"
                1⤵
                • Suspicious use of WriteProcessMemory
                PID:3000
                • C:\Windows\system32\cmd.exe
                  "C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\eBVm.cmd
                  2⤵
                  • Suspicious use of WriteProcessMemory
                  PID:2808
                  • C:\Windows\system32\schtasks.exe
                    schtasks.exe /Create /F /TN "Cnmwowrqih" /SC minute /MO 60 /TR "C:\Windows\system32\8094\notepad.exe" /RL highest
                    3⤵
                    • Creates scheduled task(s)
                    PID:2760

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\Cy2405.tmp
                Filesize

                540KB

                MD5

                06446b1e6bb00a4f2aca5a1223c4ed71

                SHA1

                2b19dc3311ce69ece4c049af1705b163c3f7bca4

                SHA256

                2361f27e0e2da2546dd77e5543e4859f58da5672ed94516f18f9209353f011ec

                SHA512

                4927c9c856338486673f9d2733ee11d25a3a585869ae922458f87dd1d73d9652d7b54caab75ea5f2850ad87d471ad5391a77616b3634a3207169635a9ba73cc2

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\bPu0.cmd
                Filesize

                193B

                MD5

                6638072e132122bc3662ba0bd56f2994

                SHA1

                012185c86423e331f36ca2f27413110edad586c8

                SHA256

                a74206120f19afcf87d780c7b11d16f4b67f8a349c48158e85eb537b1dd269ed

                SHA512

                fd530f1a5198412e439ff1794c2bae18913c7a40ece54e4e15a1a0b8cf3eb412914d636a63e4af7487b05a43f9ea0054891639ac8758f85c9305c44779ae83b8

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\eBVm.cmd
                Filesize

                128B

                MD5

                cfa88d067ea20bbae68116ebde654fa1

                SHA1

                e004b1895b01e9cd109c221818a57f252805ed28

                SHA256

                d43f35368a42ded06430de006b23698c0f70389b8e1a13f46bb589fea6b1a074

                SHA512

                6ec975b406e459f4b6fd63d2023aadaf9992e8ba9a815ef68d6cb46656843032a81d6ffa3ee4a3eec4d1f89de535b31b9d4d8f4fb7e5f2e5c80ac0c4c4cce30b

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\fTU229E.tmp
                Filesize

                540KB

                MD5

                6f12002048cefed04cb0783f67347696

                SHA1

                d4b182ef938fe8ec65e43c8b5bc1607d5dfb23dc

                SHA256

                4ca44160eb35ea1354f739d56e916897fd9ea7aa7733334a34b9879b57bc5d3a

                SHA512

                a4a20f916c7f02716b79dba6aad87e76fef82aec53de64ef05bd739cdddd8706a21348ae09711826adfe1d99866ece8b96dd79aa49e50bc3ca63e9d9834b2789

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\uuzYT.cmd
                Filesize

                236B

                MD5

                529e7772f87288447dc788d7aed99205

                SHA1

                4572aa4280284df3ac1a6c5f4d5773fcc1945ad7

                SHA256

                d2cf8e623004b19f618fdf7bddc883fac63c135bc80d156f1baf771a3c2104d0

                SHA512

                20ed24810eef52b6629702999aba2228eb6121aa326c5094483c4a24740bbde2cf87ceb6095b8225e58f27e8e5a85c439d964d11dca77a951b341df2d6e0bd81

                Download Submit

              • C:\Users\Admin\AppData\Roaming\2XKOf79\wbengine.exe
                Filesize

                1.4MB

                MD5

                78f4e7f5c56cb9716238eb57da4b6a75

                SHA1

                98b0b9db6ec5961dbb274eff433a8bc21f7e557b

                SHA256

                46a4e78ce5f2a4b26f4e9c3ff04a99d9b727a82ac2e390a82a1611c3f6e0c9af

                SHA512

                1a24ea71624dbbca188ee3b4812e09bc42e7d38ceac02b69940d7693475c792685a23141c8faa85a87ab6aace3f951c1a81facb610d757ac6df37cf2aa65ccd2

                Download Submit

              • C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Aknlhzir.lnk
                Filesize

                890B

                MD5

                275889cbea64e2792a47240f96cf6ff0

                SHA1

                c12e9c0a0371bc746c8c6cbaa509748fe3d3cf49

                SHA256

                bd75b7117adee476625c83ebda9f2baaddd8a75412e3c6a852fa3f50ca974611

                SHA512

                f4b6038881e2cbce5f3bb40a618df45faef987f74325c76603d4f7489cb8853782a5112dd7bfdc10cc560f21b6ec7e9192bd1b7b286e79250dd0919c5ca15d6c

                Download Submit

              • memory/1080-28-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-24-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-29-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-11-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-12-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-13-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-14-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-15-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-21-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-37-0x0000000002CF0000-0x0000000002CF7000-memory.dmp

                Filesize

                28KB

                Download

              • memory/1080-39-0x00000000778C1000-0x00000000778C2000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1080-38-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-30-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-102-0x00000000776B6000-0x00000000776B7000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1080-27-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-26-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-25-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-10-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-23-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-22-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-20-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-19-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-18-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-17-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-16-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-48-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-53-0x0000000077A20000-0x0000000077A22000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1080-54-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-9-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-8-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-7-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/1080-3-0x00000000776B6000-0x00000000776B7000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1080-4-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2352-6-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download

              • memory/2352-2-0x00000000000B0000-0x00000000000B7000-memory.dmp

                Filesize

                28KB

                Download

              • memory/2352-0-0x0000000140000000-0x0000000140086000-memory.dmp

                Filesize

                536KB

                Download