d07c95e8960c8d0a4de79e97afbbb836d73b8869dda97917bce1d0fa4ef88195

Submit
Reports

Overview

overview

Static

static

0c5b00311b...5e.exe

windows10-2004-x64

1618780b85...13.vbs

windows7-x64

1618780b85...13.vbs

windows10-2004-x64

31d2bac123...c0.exe

windows7-x64

31d2bac123...c0.exe

windows10-2004-x64

3e0a6e80d4...1c.xls

windows7-x64

3e0a6e80d4...1c.xls

windows10-2004-x64

5489a717a2...f8.exe

windows7-x64

5489a717a2...f8.exe

windows10-2004-x64

63f2e49bd1...c6.msi

windows7-x64

63f2e49bd1...c6.msi

windows10-2004-x64

719d53c106...d2.exe

windows7-x64

719d53c106...d2.exe

windows10-2004-x64

8411add8ba...e8.dll

windows7-x64

8411add8ba...e8.dll

windows10-2004-x64

88b0765750...b0.exe

windows7-x64

88b0765750...b0.exe

windows10-2004-x64

9cb1756afd...71.exe

windows7-x64

9cb1756afd...71.exe

windows10-2004-x64

REP_894198...17.doc

windows7-x64

REP_894198...17.doc

windows10-2004-x64

d472c89510...54.xls

windows7-x64

d472c89510...54.xls

windows10-2004-x64

dcc72f90c1...21.exe

windows7-x64

dcc72f90c1...21.exe

windows10-2004-x64

file.exe

windows7-x64

file.exe

windows10-2004-x64

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-12-2024 16:25

Sharing

Copy URL

Twitter E-mail

Static task

static1

macro ateraagent

5 signatures

Behavioral task

behavioral1

Sample

0c5b00311b9e7f3e749e8f2c2bb639ee32f2de89bedf1c572391dedcdd10765e.exe

Resource

win10v2004-20241007-en

discovery persistence

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

1618780b8570f9b44fdd73513c6aa8069eb8a9151a22d83b178c5be6eb125013.vbs

Resource

win7-20240903-en

discovery execution

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

1618780b8570f9b44fdd73513c6aa8069eb8a9151a22d83b178c5be6eb125013.vbs

Resource

win10v2004-20241007-en

discovery execution

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0.exe

Resource

win7-20240903-en

socks5systemz botnet discovery

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral5

Sample

31d2bac123d451caed79ced03b80592dacc3499f6c91a9e32630d3590d52a6c0.exe

Resource

win10v2004-20241007-en

socks5systemz botnet discovery

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral6

Sample

3e0a6e80d4427d22bc807628032ba1e1fbf9b733a8b5db26f5c2cc2bae55bb1c.xls

Resource

win7-20240903-en

discovery

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

3e0a6e80d4427d22bc807628032ba1e1fbf9b733a8b5db26f5c2cc2bae55bb1c.xls

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral8

Sample

5489a717a23f4b7e2f250429554bd8a3d744970e1bfabe2162c9eb2fa8c04df8.exe

Resource

win7-20240708-en

darkcloud discovery execution stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral9

Sample

5489a717a23f4b7e2f250429554bd8a3d744970e1bfabe2162c9eb2fa8c04df8.exe

Resource

win10v2004-20241007-en

darkcloud discovery execution stealer

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral10

Sample

63f2e49bd14880bed0033cbf0878ee50f18555432d3ad1439b304e6a2dc00fc6.msi

Resource

win7-20240903-en

ateraagent discovery persistence privilege_escalation rat

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral11

Sample

63f2e49bd14880bed0033cbf0878ee50f18555432d3ad1439b304e6a2dc00fc6.msi

Resource

win10v2004-20241007-en

ateraagent discovery persistence privilege_escalation rat

windows10-2004-x64

26 signatures

150 seconds

Behavioral task

behavioral12

Sample

719d53c1064f54fd79ea4a7844f079d2.exe

Resource

win7-20240903-en

lumma discovery stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral13

Sample

719d53c1064f54fd79ea4a7844f079d2.exe

Resource

win10v2004-20241007-en

lumma discovery stealer

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral14

Sample

8411add8ba814509886e7ce5baee8e338f5955037623c768747cbc1b7ecc1de8.dll

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

8411add8ba814509886e7ce5baee8e338f5955037623c768747cbc1b7ecc1de8.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

88b07657500a548ed8476fa415896d2179c307d4751917ca892119c3fff120b0.exe

Resource

win7-20241010-en

darkcloud discovery execution stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral17

Sample

88b07657500a548ed8476fa415896d2179c307d4751917ca892119c3fff120b0.exe

Resource

win10v2004-20241007-en

darkcloud discovery execution stealer

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral18

Sample

9cb1756afd35b77acc762f550857e271.exe

Resource

win7-20241023-en

discovery

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral19

Sample

9cb1756afd35b77acc762f550857e271.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

REP_89419812646634117.doc

Resource

win7-20241010-en

discovery execution

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral21

Sample

REP_89419812646634117.doc

Resource

win10v2004-20241007-en

execution

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral22

Sample

d472c895106cfebcb6eea8701416aed96b9770c256432ee7ee7a9b8a60a6d254.xls

Resource

win7-20240729-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral23

Sample

d472c895106cfebcb6eea8701416aed96b9770c256432ee7ee7a9b8a60a6d254.xls

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral24

Sample

dcc72f90c1d3aac382ba8965c68109986771562f49d4112c5be1a0e9b645f621.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral25

Sample

dcc72f90c1d3aac382ba8965c68109986771562f49d4112c5be1a0e9b645f621.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral26

Sample

file.exe

Resource

win7-20240903-en

stealc doma evasion stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral27

Sample

file.exe

Resource

win10v2004-20241007-en

stealc doma discovery evasion stealer

windows10-2004-x64

8 signatures

150 seconds

Report Analysis Logs

General

Target

8411add8ba814509886e7ce5baee8e338f5955037623c768747cbc1b7ecc1de8.dll
Size

275KB
MD5

a143d675ff5ffc87cb7bc6b120abdac5
SHA1

5334fe952a26aca795456005003c19b037b22cc1
SHA256

8411add8ba814509886e7ce5baee8e338f5955037623c768747cbc1b7ecc1de8
SHA512

fdeb1d5050bd6064a2837220f8395a84ee60306ec28c55100fec26e9ff88442aac5a46234aa82905f01f9e1001994ededcc4e893150dda6223c68cdc33a08ce8
SSDEEP

6144:azdTTWyV4TosDLx4fYYIpjgsYQxTSOH8u+DRoowXOJNYYp:kdTTWyV43DLCwJEQF+GowXOJSY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2788 wrote to memory of 2840	2788	rundll32.exe	31
PID 2788 wrote to memory of 2840	2788	rundll32.exe	31
PID 2788 wrote to memory of 2840	2788	rundll32.exe	31

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8411add8ba814509886e7ce5baee8e338f5955037623c768747cbc1b7ecc1de8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2788 -s 148
  2⤵
  PID:2840

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads