Analysis
max time kernel: 1780s
max time network: 1790s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted: 27/07/2024, 17:06
Static task: static1
Behavioral task behavioral1: Sample CleanUp.dll, Resource win10-20240404-en
Behavioral task behavioral2: Sample CleanUp.dll, Resource win10v2004-20240709-en
Behavioral task behavioral3: Sample CleanUp.dll, Resource win11-20240709-en
General
Target: CleanUp.dll
Size: 474KB
MD5: 06a3ba77cc81d5869aa62de1f8142759
SHA1: bf66456a4fe875631584055c5e1618ef5b7dfaf5
SHA256: e1be0e3707f67d03eaa8ac4b14b8b7cd7fc665f13a15aa8087b34cbde07116fd
SHA512: 03cf4e2944668f10f8dbc6086b2417951a6edde10385b2be60f4345b8a045eff8dbab99da170b919adabdd34a744e1dfb3e5657d2de176bee322240b752b8592
SSDEEP: 12288:IMQ+mKlmG2OVq+v8MR+3lQ/PJqgs+5mprkR39UJvQhb9Y5:IqWm/Pjs+5mprkRtU9Qhb9M
Malware Config
Signatures
Blocklisted process makes network request (51 IoCs)
flow  pid   Process
4     2240  rundll32.exe
14    2240  rundll32.exe
21    2240  rundll32.exe
51    2240  rundll32.exe
59    2240  rundll32.exe
75    2240  rundll32.exe
79    2240  rundll32.exe
81    2240  rundll32.exe
82    2240  rundll32.exe
83    2240  rundll32.exe
84    2240  rundll32.exe
85    2240  rundll32.exe
86    2240  rundll32.exe
88    2240  rundll32.exe
89    2240  rundll32.exe
90    2240  rundll32.exe
91    2240  rundll32.exe
92    2240  rundll32.exe
93    2240  rundll32.exe
94    2240  rundll32.exe
95    2240  rundll32.exe
96    2240  rundll32.exe
97    2240  rundll32.exe
98    2240  rundll32.exe
99    2240  rundll32.exe
100   2240  rundll32.exe
101   2240  rundll32.exe
102   2240  rundll32.exe
103   2240  rundll32.exe
104   2240  rundll32.exe
105   2240  rundll32.exe
106   2240  rundll32.exe
107   2240  rundll32.exe
108   2240  rundll32.exe
109   2240  rundll32.exe
110   2240  rundll32.exe
111   2240  rundll32.exe
112   2240  rundll32.exe
113   2240  rundll32.exe
114   2240  rundll32.exe
115   2240  rundll32.exe
116   2240  rundll32.exe
117   2240  rundll32.exe
118   2240  rundll32.exe
119   2240  rundll32.exe
120   2240  rundll32.exe
121   2240  rundll32.exe
122   2240  rundll32.exe
123   2240  rundll32.exe
124   2240  rundll32.exe
125   2240  rundll32.exe
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc                                                         Process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid   Process       procid_target
PID 4580 wrote to memory of 2240     4580  rundll32.exe  84
PID 4580 wrote to memory of 2240     4580  rundll32.exe  84
PID 4580 wrote to memory of 2240     4580  rundll32.exe  84
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\CleanUp.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:4580
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\CleanUp.dll,#1
    - Blocklisted process makes network request
    - System Location Discovery: System Language Discovery
    PID:2240