Overview

overview

10

Static

static

3

5ebe6ba386...eN.dll

windows7-x64

7

5ebe6ba386...eN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ebe6ba38668bf9ea005de9cd192b5e6fb0c35021c525a53a0a9bf016fcb010eN.dll

  • Size

    2.0MB

  • MD5

    a87f0d53886f70aa71ad233d561e0200

  • SHA1

    3d87d32cc8e1245be6a6ed80aa753ef115ecb2f4

  • SHA256

    5ebe6ba38668bf9ea005de9cd192b5e6fb0c35021c525a53a0a9bf016fcb010e

  • SHA512

    176a2e81440ce5cfac83ec6e40b24144b62e2f481e97937e8d275090bf2b246a4810fb29e3add0d45698d7854958153af69d060cb9908c686a3e6861001b0d5c

  • SSDEEP

    24576:L7IY7a9IRCRqRPkHQo411810cNScGKJydXTZDwmzRMo3DP7x5nbiQj2k70gBZzos:/IY5RMHMf810Knor5zqo3zNJuQj7jMs

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 18 IoCs
  • Drops file in System32 directory 2 IoCs
  • Program crash 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ebe6ba38668bf9ea005de9cd192b5e6fb0c35021c525a53a0a9bf016fcb010eN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ebe6ba38668bf9ea005de9cd192b5e6fb0c35021c525a53a0a9bf016fcb010eN.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1784
        • C:\Windows\SysWOW64\rundll32mgrmgr.exe
          C:\Windows\SysWOW64\rundll32mgrmgr.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2300
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 156
            5⤵
            • Loads dropped DLL
            • Program crash
            PID:2352
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 152
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2348
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 228
        3⤵
        • Program crash
        PID:1252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\rundll32mgrmgr.exe
    Filesize

    123KB

    MD5

    9f2ac7383413965045aa13a4705a8d99

    SHA1

    7add11d19bea49fcbb6cdf315d71477a11998e8d

    SHA256

    0cf6926cc791b40eede351eef639396100282ea612fcb42bda9c8096e069908b

    SHA512

    e90cc32e2bda5446000ddd816ef47f683804a4042fce1ce5bb5e58c37ece4498736eda9126f4c992dd6c6eba3936e392d1250c1c5dcd6cafa80eb9ee5ad0d377

    Download Submit

  • \Windows\SysWOW64\rundll32mgr.exe
    Filesize

    249KB

    MD5

    137e9937fd71061c0e4a06812b009177

    SHA1

    73770a377c2f24584c9fe9084a5c4364a54ddbf8

    SHA256

    b6301b1793aca7b2fa9a589880f4e9454647d9d16b8edcac39b319349ae87d86

    SHA512

    13b1fcd197b9147ab7385f29eca585a50a4da12152ad89129712a653336eeb133c3ddb9e0db6cb233e45d96bcfea5ed65b1193114746acc2d92820e682df414c

    Download Submit

  • memory/1784-20-0x00000000000B0000-0x00000000000DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1784-39-0x00000000000B0000-0x00000000000DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1784-40-0x00000000000B0000-0x00000000000DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1784-19-0x00000000000B0000-0x00000000000DF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1784-22-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2196-21-0x0000000000280000-0x00000000002CF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2196-18-0x0000000000280000-0x00000000002CF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2196-38-0x0000000000280000-0x00000000002CF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2196-12-0x0000000010000000-0x0000000010389000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2196-7-0x0000000010000000-0x0000000010389000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2196-41-0x0000000000280000-0x00000000002CF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2300-23-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download