Overview

overview

10

Static

static

3

5df767c4ef...bN.dll

windows7-x64

7

5df767c4ef...bN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    16-12-2024 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5df767c4ef38ccdc6af9e966a8fbece709d9dc8d723117a3366a1f474a638acbN.dll

  • Size

    4.7MB

  • MD5

    d572497144a66fc491c301355038c940

  • SHA1

    3d84b6d8c4982dc30648cd5358d55fa45b816870

  • SHA256

    5df767c4ef38ccdc6af9e966a8fbece709d9dc8d723117a3366a1f474a638acb

  • SHA512

    e870175a63547add563687919a036af135f3063db4a672fc67cbf92311a495d5bc13b9228c8c3b61d39f1c96c86db518037051d8a1df24215ec30c2c29310721

  • SSDEEP

    98304:caTiZ7qe+aOKvp3QZ6/HbS9FugmTw3gvhiWaOuBuJ0Ato4z/uk/t:caTiZ7qfRmp3QZ6/+9Fu/v0AmWh1

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5df767c4ef38ccdc6af9e966a8fbece709d9dc8d723117a3366a1f474a638acbN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5df767c4ef38ccdc6af9e966a8fbece709d9dc8d723117a3366a1f474a638acbN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2772
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2204
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 100
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    60KB

    MD5

    3ac45bcb53d177c5c82da31058310e73

    SHA1

    6e8ac2a8b1f174041a8134c42ae28cd7dac2409c

    SHA256

    ba8e0f4e6ce24f96a873b5cbcf4bdc272c26b7c024d74c0f07256e7bbba62599

    SHA512

    8f2ec320694acdd88c09202aec938370ddc79c766ce1bf2fea12b5e8206827efca6ad9d5fb0e73de7b775f18026960182f90975763d69500ff7657befa8f8625

    Download Submit

  • memory/2772-3-0x0000000006000000-0x00000000064C1000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/2772-9-0x0000000006000000-0x00000000064C1000-memory.dmp

    Filesize

    4.8MB

    Download