Overview

overview

7

Static

static

7

8b3e465c4b...18.exe

windows7-x64

7

8b3e465c4b...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DTDJ_1.exe

windows7-x64

3

DTDJ_1.exe

windows10-2004-x64

3

DllPicStr.dll

windows7-x64

3

DllPicStr.dll

windows10-2004-x64

3

LiveUpdate.exe

windows7-x64

3

LiveUpdate.exe

windows10-2004-x64

3

ReplaceIAT.dll

windows7-x64

7

ReplaceIAT.dll

windows10-2004-x64

7

cfClient.exe

windows7-x64

3

cfClient.exe

windows10-2004-x64

3

unins000.exe

windows7-x64

7

unins000.exe

windows10-2004-x64

7

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 17:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ReplaceIAT.dll

  • Size

    98KB

  • MD5

    b4605ce87bb8706ab4d6117581944d6a

  • SHA1

    8de7743b4901b48154a6457e02fc7d8b3905b79b

  • SHA256

    30f390ba154521c67fec87486a2a82e6240a0eb24223a9009115cf5098fcb7d9

  • SHA512

    d25c8374175b906f28269e49881361a260e7a2a094a225a6209c5ea51d6383958430ee47db3d3be2bc9b23e757332f02021b6ffc75155e619dbc4d5bf1606d1b

  • SSDEEP

    3072:atA5jWDxMLRd4liaO9TfvxtaaHBZDfta:atA5jWs8l09jvPZB

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ReplaceIAT.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ReplaceIAT.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      PID:2852
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4288,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:8
    1⤵
      PID:2928

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\SysWOW64\ws.dll
            Filesize

            388KB

            MD5

            8d7db101a7211fe3309dc4dc8cf2dd0a

            SHA1

            6c2781eadf53b3742d16dab2f164baf813f7ac85

            SHA256

            93db7c9699594caa19490280842fbebec3877278c92128b92e63d75fcd01397a

            SHA512

            8b139d447068519997f7bbc2c7c2fe3846b89ae1fba847258277c9ab92a93583b28fae7ffa444768929ed5852cc914c0270446cbf0bd20aca49bde6b6f809c83

            Download Submit

          • C:\Windows\SysWOW64\wsGdi.dll
            Filesize

            137KB

            MD5

            f6b847a54cfb804a25b8842b45fd1d50

            SHA1

            bb22fef07ce1577c8a7fa057d8cf05502c013bfc

            SHA256

            5dd2f5a957946e0b6f63660ebd897851aad4795d4c847396c47ddbb647715583

            SHA512

            dd08a55f538e2a33e6a0c496dc97ae9045594cbbf62f7894ae8ded63f4dc0b2e89c5935269adfd1c19607b1d2474bddc49f6acb955e6dc53a55560663ca2137a

            Download Submit

          • C:\Windows\SysWOW64\wskernal.dll
            Filesize

            625KB

            MD5

            eccf28d7e5ccec24119b88edd160f8f4

            SHA1

            98509587a3d37a20b56b50fd57f823a1691a034c

            SHA256

            820c83c0533cfce2928e29edeaf6c255bc19ac9718b25a5656d99ffac30a03d6

            SHA512

            c1c94bbb781625b2317f0a8178d3a10d891fb71bca8f82cd831c484e8ab125301b82a14fe2ff070dc99a496cc00234300fa5536401018c40d49d44ae89409670

            Download Submit

          • memory/2852-0-0x0000000010000000-0x0000000010042000-memory.dmp

            Filesize

            264KB

            Download