Analysis
-
max time kernel
125s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
02/08/2024, 02:36
General
-
Target
f7559f6d4346f412c2c4ea18363efba3075345b7533af9964298803ffe75f919.dll
-
Size
380KB
-
MD5
b82ac58bae955f35be02db503437fdea
-
SHA1
d406acb09649c7df6acd751a23c0d53001840048
-
SHA256
f7559f6d4346f412c2c4ea18363efba3075345b7533af9964298803ffe75f919
-
SHA512
0cd6512a96e4138c463445704559d4df84f56be364b14a3952a3e587846122cbf50e7547756fb3ddc1ecf6500de45c9c4736d6efc97fba9811f71c84f72aadc2
-
SSDEEP
6144:s18a0lQP4Oa0STQ3HYtHK4AZPhWVWWWWWWfRAITNuPgdxAfLCDyWlisEgJhhVRMC:NlQP490BF1QTNuPbj8yWisEgJhhbP9o0
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f7559f6d4346f412c2c4ea18363efba3075345b7533af9964298803ffe75f919.dll,#11⤵
-
C:\Windows\system32\taskeng.exetaskeng.exe {4C7EAB90-1B28-4467-8FA0-17F12F32B8DE} S-1-5-21-3294248377-1418901787-4083263181-1000:FMEDFXFE\Admin:Interactive:[1]1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\RUNDLL32.exeRUNDLL32.exe C:\ProgramData\MicrosoftUpdate\Edge\report.sys,Print 88882⤵
- Loads dropped DLL
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
239KB
MD5d47078efdce7d22d39862016b8408fd9
SHA14309e5dd3ac9ea223d7d5df42a699c12b20a6a86
SHA256dd038040283793c67cd50252fb9ef20eb07e2f36d284f70cb2340e501dcb99d7
SHA51225f7e0bdcdbe25d59ac8c77c5a9a9d36a8d72b61b12e6ad7e04e7fab40f67a96cc0f56dec8a4fd3b3fafaa3c28ed0a9234513a784a643deb4f38226e8a936cba
-
Filesize
388KB