Overview

overview

5

Static

static

3

2218bdc1a1...05.dll

windows7-x64

5

2218bdc1a1...05.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    93s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2024, 05:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2218bdc1a141068e124211828141b5131bf76c71e9f33535fc241febf3f92a05.dll

  • Size

    13.7MB

  • MD5

    9f8a34d5aad84a6cf84b457311aedc79

  • SHA1

    5e52ac0f843d3eabd953c074c50bb9d31ea366a5

  • SHA256

    2218bdc1a141068e124211828141b5131bf76c71e9f33535fc241febf3f92a05

  • SHA512

    8f10be170b5cb5f7ac6a2219251ce98dc0e97181f31f0655d24c2a6182b8fc480cca3834567c1b17d105530372141174718f323bff4a35b30f68fd7ae641ffe6

  • SSDEEP

    196608:3NfuUZj2vtrAZ3VXQQv0sOAeym0a2YXRjoYSSnnoSC:3N5jOgVXQM0sOAewhcpX

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2218bdc1a141068e124211828141b5131bf76c71e9f33535fc241febf3f92a05.dll
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3004-0-0x00007FFE0F9DA000-0x00007FFE101A2000-memory.dmp

    Filesize

    7.8MB

    Download

  • memory/3004-2-0x00007FFE2EF40000-0x00007FFE2EF42000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3004-1-0x00007FFE2EF30000-0x00007FFE2EF32000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3004-7-0x00007FFE0F8E0000-0x00007FFE10F55000-memory.dmp

    Filesize

    22.5MB

    Download

  • memory/3004-8-0x00007FFE0F8E0000-0x00007FFE10F55000-memory.dmp

    Filesize

    22.5MB

    Download

  • memory/3004-9-0x00007FFE0F9DA000-0x00007FFE101A2000-memory.dmp

    Filesize

    7.8MB

    Download

  • memory/3004-10-0x00007FFE0F8E0000-0x00007FFE10F55000-memory.dmp

    Filesize

    22.5MB

    Download