Overview

overview

10

Static

static

3

223a3aa520...0N.dll

windows7-x64

6

223a3aa520...0N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    32s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14-08-2024 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    223a3aa520689c0021d8ce51024d5bb0N.dll

  • Size

    3.7MB

  • MD5

    223a3aa520689c0021d8ce51024d5bb0

  • SHA1

    1fbcb94006ea1b3dd1796cebe0e78fb0b9b6a874

  • SHA256

    66ffa9d4e27a9f787eaa47364d57b95feae92af35ab154299c5134eacc9f4c42

  • SHA512

    b329830a0b22310e4262bd071edfaf38afa199bb428dc1f99b31c83df0f699eb842e6a466d803670d5066780217e7eb966e505262c3620eeb922629ee6883fe3

  • SSDEEP

    98304:ziXAEqfpQA7KhbchheGvUapVXNe1gNuqh+CaO:eQxRQA7K9QPfZNe1rqh+

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\223a3aa520689c0021d8ce51024d5bb0N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\223a3aa520689c0021d8ce51024d5bb0N.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\SysWOW64\rundll32.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2340
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 196
          4⤵
          • Program crash
          PID:2336
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CrowdstrikeEngine" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\WDEngineUpdater.dll",EntryPoint /f & exit
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:316
        • C:\Windows\SysWOW64\reg.exe
          reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CrowdstrikeEngine" /t REG_SZ /d "rundll32.exe C:\Users\Admin\Documents\WDEngineUpdater.dll",EntryPoint /f
          4⤵
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2340-12-0x0000000000110000-0x000000000018E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2340-2-0x0000000000110000-0x000000000018E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2340-4-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2340-6-0x0000000000110000-0x000000000018E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2340-10-0x0000000000110000-0x000000000018E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2972-19-0x0000000046108000-0x0000000046133000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2972-17-0x00000000460D6000-0x0000000046106000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2972-18-0x00000000460DA000-0x0000000046106000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2972-16-0x0000000046105000-0x0000000046133000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2972-0-0x0000000045DB0000-0x0000000046163000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2972-1-0x0000000045DE0000-0x0000000045DFA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2972-8-0x0000000045DB0000-0x0000000046163000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2972-13-0x0000000045DB0000-0x0000000046163000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2972-20-0x0000000045DB0000-0x0000000046163000-memory.dmp

    Filesize

    3.7MB

    Download