ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13

Resubmissions

28/10/2024, 17:20

241028-vwegcathpa 10

20/06/2024, 04:07

20/06/2024, 03:56

14/06/2024, 11:45

26/05/2024, 08:12

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 11:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13.dll
Size

141KB
MD5

1b7b6fb1a99996587a3c20ee9c390a9c
SHA1

129aa22329dd45f7bce5172e97cbd8016dec830e
SHA256

ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13
SHA512

a3b62e1c1184c01b0175b09f0a62003e120e652245ea80cebf9e55c89ef71308c4400bfe13281a60ae993c58d7dad5522688fa2e8924343e1baa5c25bfce44eb
SSDEEP

3072:HACxLpcTIhjZM3VhHSkYl8CagwurZvE9vV1ZQZR:HTtpcPlJSTl4PuF

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 20 IoCs

flow	pid	Process
21	2268	rundll32.exe
27	2268	rundll32.exe
28	2268	rundll32.exe
29	2268	rundll32.exe
30	2268	rundll32.exe
31	2268	rundll32.exe
32	2268	rundll32.exe
33	2268	rundll32.exe
40	2268	rundll32.exe
44	2268	rundll32.exe
45	2268	rundll32.exe
46	2268	rundll32.exe
47	2268	rundll32.exe
48	2268	rundll32.exe
49	2268	rundll32.exe
50	2268	rundll32.exe
51	2268	rundll32.exe
52	2268	rundll32.exe
53	2268	rundll32.exe
54	2268	rundll32.exe

Loads dropped DLL 1 IoCs

pid	Process
2268	rundll32.exe

Drops file in System32 directory 20 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\LRR9YQXJ	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\VFIQCD8E	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\QN9QPAPB	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\OWI6NXTI	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\UYBY5SOI	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\B72GIR95	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\B8WZU3NR	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\TBPMJ835	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\I74FGMMB	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\NQL1OENK	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\K7HX7CS2	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\JHB7332F	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\LYE01BED	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\9W0BMQDI	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\RRZOQDKS	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\2YNMKGON	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\VMQUKJ8A	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\YG2EW2QS	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\49ZEVP8X	rundll32.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\UKV5MWAJ	rundll32.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\RtlUpd.job	regsvr32.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13.dll
1⤵
- Drops file in Windows directory
PID:2184

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe "C:\ProgramData\RtlUpd\RtlUpd.dll",Start /p
1⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\RtlUpd\RtlUpd.dll

Filesize
141KB

MD5
1b7b6fb1a99996587a3c20ee9c390a9c

SHA1
129aa22329dd45f7bce5172e97cbd8016dec830e

SHA256
ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13

SHA512
a3b62e1c1184c01b0175b09f0a62003e120e652245ea80cebf9e55c89ef71308c4400bfe13281a60ae993c58d7dad5522688fa2e8924343e1baa5c25bfce44eb

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\UYBY5SOI

Filesize
3B

MD5
8a80554c91d9fca8acb82f023de02f11

SHA1
5f36b2ea290645ee34d943220a14b54ee5ea5be5

SHA256
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

SHA512
ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

Download Submit