Overview

overview

10

Static

static

10

f9a7636d26...ac.dll

windows7-x64

6

f9a7636d26...ac.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    18-02-2025 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9a7636d26a7f815e8be066a51a3682612cdcd7887da1c2363c1a734d7b0f1ac.dll

  • Size

    80KB

  • MD5

    7b0d572ae529ebe826c10d93d3176ff9

  • SHA1

    872d3e48ea0e4507d33bbd529830dee8cb811d32

  • SHA256

    f9a7636d26a7f815e8be066a51a3682612cdcd7887da1c2363c1a734d7b0f1ac

  • SHA512

    1c03d94fed70494746aa2bdb55459a17a43b673d7f108ccb8b37478dd2e27e45703b62d4dd5162f06afdfe77ba71c739db93392bbbb2b2c6516558ee1f6c2b5f

  • SSDEEP

    1536:uIcs6msUvrh8ErMInQ+4cw9NVWfjaRkE4LEl8B60Y2lfxxHZPE1ossZDuN:dcs6v68Erj3w9zWf+SEFuk0/pfPtsc8

Score
6/10
discoveryupx

Malware Config

Signatures

  • Network Service Discovery 1 TTPs 6 IoCs

    Attempt to gather information on host's network.

    discovery
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a7636d26a7f815e8be066a51a3682612cdcd7887da1c2363c1a734d7b0f1ac.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a7636d26a7f815e8be066a51a3682612cdcd7887da1c2363c1a734d7b0f1ac.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 248
        3⤵
        • Program crash
        PID:2132
      • C:\Windows\SysWOW64\arp.exe
        arp -a
        3⤵
        • Network Service Discovery
        • System Location Discovery: System Language Discovery
        PID:2796
      • C:\Windows\SysWOW64\arp.exe
        arp -s 10.127.0.1 7b-07-d2-92-5a-5e
        3⤵
        • Network Service Discovery
        • System Location Discovery: System Language Discovery
        PID:1508
      • C:\Windows\SysWOW64\arp.exe
        arp -s 10.127.255.255 57-02-81-46-e8-12
        3⤵
        • Network Service Discovery
        • System Location Discovery: System Language Discovery
        PID:3048
      • C:\Windows\SysWOW64\arp.exe
        arp -s 154.61.71.51 f6-aa-fb-08-8e-7c
        3⤵
        • Network Service Discovery
        • System Location Discovery: System Language Discovery
        PID:2812
      • C:\Windows\SysWOW64\arp.exe
        arp -s 224.0.0.22 7a-e6-a4-9b-6a-39
        3⤵
        • Network Service Discovery
        • System Location Discovery: System Language Discovery
        PID:2936
      • C:\Windows\SysWOW64\arp.exe
        arp -s 224.0.0.251 78-fd-04-b9-ba-60
        3⤵
        • Network Service Discovery
        PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2940-3-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2940-2-0x0000000010000000-0x0000000010033000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2940-1-0x0000000010000000-0x0000000010033000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2940-0-0x0000000010000000-0x0000000010033000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2940-10-0x0000000010000000-0x0000000010033000-memory.dmp

    Filesize

    204KB

    Download