dc3551221e7ac882cb4a2ffe5b99844aa9d00fe43c68b9b096f23dd065827e20

Analysis

max time kernel
129s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc3551221e7ac882cb4a2ffe5b99844aa9d00fe43c68b9b096f23dd065827e20.dll
Size

844KB
MD5

36ce03c368b406e78ac78a59a1727b37
SHA1

9a040c2d564898d0e4f617ff15a95e2d5bd9dc2d
SHA256

dc3551221e7ac882cb4a2ffe5b99844aa9d00fe43c68b9b096f23dd065827e20
SHA512

34e507cb618e817afbf165ecc519fbc64ffbf3d47d61c583413d62192dcd15dadb55dc1492e6075ab7952d48ec7727f84e708d611dab87a87107e35a2d73294c
SSDEEP

6144:CGp1PfKtOxX3p8B8CLfYnwexXKIhXGxKOftYiUAc/UqFUmCQeewQeeeQeesQeeXW:CGfVLmfYnw2XFkgpHcQS1vnCKC4f

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3708	rundll32.exe
Token: SeDebugPrivilege	3708	rundll32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3708	rundll32.exe
3708	rundll32.exe
3708	rundll32.exe
3708	rundll32.exe
3708	rundll32.exe
3708	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 3708	872	rundll32.exe	83
PID 872 wrote to memory of 3708	872	rundll32.exe	83
PID 872 wrote to memory of 3708	872	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc3551221e7ac882cb4a2ffe5b99844aa9d00fe43c68b9b096f23dd065827e20.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc3551221e7ac882cb4a2ffe5b99844aa9d00fe43c68b9b096f23dd065827e20.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Favorites\Íâ¹Ò×÷·»¹Ù·½Õ¾ [www.zuowg.com].url

Filesize
110B

MD5
f9fc3e4f710ea6068eccca29ed784970

SHA1
eb6f961e7102e3aef227b204ff4dd9563f745812

SHA256
1c12badabe490d7c3d63bb0187965344ce0ed923eab707e446900a9b98913fcb

SHA512
b2d0db7a2c4b4d4e53a8daf2caff6a0ea826133038380e5dcf8c6493417f2884ecd61f047798189a3cff13cca3b9dbe99e5a501ce5de10488b2a337389b019ed

Download Submit
C:\Users\Admin\Favorites\Íâ¹Ò×÷·»×ÊÔ´Õ¾ [42724920.ys168.com].url

Filesize
115B

MD5
514d1b59ae8925c5edea3c446ce588dd

SHA1
60dd675b65c7ffaac6ca731dba265a6f316a6f75

SHA256
6bbfe9e113e075b646ae49400657b8bb20cbab06854b38bf007ac6e15cd7b773

SHA512
5bf3d0f1715b445852ad184907d2161967d51cb8fe9673330438d8705502bc63e263222c43839140c613a427b0b58b297e522b3953c2543453625e01b8017253

Download Submit