Resubmissions
28-10-2024 17:20
241028-vwegcathpa 1020-06-2024 04:07
240620-epwt2sxhkc 820-06-2024 03:56
240620-ehtfcaxemb 314-06-2024 11:45
240614-nw7dssyhre 826-05-2024 08:12
240526-j36nmada24 8Analysis
-
max time kernel
112s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
14-06-2024 11:45
General
-
Target
ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13.dll
-
Size
141KB
-
MD5
1b7b6fb1a99996587a3c20ee9c390a9c
-
SHA1
129aa22329dd45f7bce5172e97cbd8016dec830e
-
SHA256
ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13
-
SHA512
a3b62e1c1184c01b0175b09f0a62003e120e652245ea80cebf9e55c89ef71308c4400bfe13281a60ae993c58d7dad5522688fa2e8924343e1baa5c25bfce44eb
-
SSDEEP
3072:HACxLpcTIhjZM3VhHSkYl8CagwurZvE9vV1ZQZR:HTtpcPlJSTl4PuF
Malware Config
Signatures
-
Blocklisted process makes network request 9 IoCs
-
Loads dropped DLL 4 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 10 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 21 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13.dll1⤵
- Drops file in Windows directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {605C5C0F-82E6-44D9-87F3-1195A6568A73} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exe "C:\ProgramData\RtlUpd\RtlUpd.dll",Start /p2⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3B
MD58a80554c91d9fca8acb82f023de02f11
SHA15f36b2ea290645ee34d943220a14b54ee5ea5be5
SHA256ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
SHA512ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a
-
Filesize
141KB
MD51b7b6fb1a99996587a3c20ee9c390a9c
SHA1129aa22329dd45f7bce5172e97cbd8016dec830e
SHA256ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13
SHA512a3b62e1c1184c01b0175b09f0a62003e120e652245ea80cebf9e55c89ef71308c4400bfe13281a60ae993c58d7dad5522688fa2e8924343e1baa5c25bfce44eb