Resubmissions
31-01-2024 21:42  240131-1ktpsadab6  10
24-01-2024 07:47  240124-jml92sdcd6  10
23-01-2024 11:54  240123-n25r6ahhfk  10
24-06-2020 13:36  200624-enc457kzrj  10

Analysis
max time kernel: 142s
max time network: 138s
platform: windows7_x64
resource: win7v200430
submitted: 24-06-2020 13:36
Static task: static1
Behavioral task: behavioral1
Sample: A004BC8B4F3DB1EF5A66579B9746B5B1.bin.dll
Resource: win7v200430 (windows7_x64)
0 signatures
0 seconds
General
Target: A004BC8B4F3DB1EF5A66579B9746B5B1.bin.dll
Size: 424KB
MD5: a004bc8b4f3db1ef5a66579b9746b5b1
SHA1: 88a5fcebfd7a037a9ca9573772ac2334a61b25de
SHA256: 42bb5eae534eb2cea979c300b797a65febf291b28aea0b9d8bbea7d0a41bffa2
SHA512: 28aed111b2ecea90c2da03871f36272b8680d392c245fdf0e2f4d4454974a3a51d6744133cecfc2576bbc778742f9b824e8355026b53d029d13ff79bb2136f9b
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                  pid   Process
  Token: SeSecurityPrivilege   1504  msiexec.exe
  Token: SeSecurityPrivilege   1504  msiexec.exe

Blacklisted process makes network request (2 IoCs)
  flow  pid   Process
  6     1504  msiexec.exe
  7     1504  msiexec.exe

Suspicious use of WriteProcessMemory (16 IoCs)
  description                        pid   Process       procid_target
  PID 1016 wrote to memory of 1040   1016  rundll32.exe  24             (7 identical IoCs)
  PID 1040 wrote to memory of 1504   1040  rundll32.exe  27             (9 identical IoCs)

Suspicious use of SetThreadContext (1 IoC)
  description                           pid   Process       procid_target
  PID 1040 set thread context of 1504   1040  rundll32.exe  27
Processes

C:\Windows\system32\rundll32.exe  (depth 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\A004BC8B4F3DB1EF5A66579B9746B5B1.bin.dll,#1
  PID: 1016
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe  (depth 2)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\A004BC8B4F3DB1EF5A66579B9746B5B1.bin.dll,#1
    PID: 1040
    - Suspicious use of WriteProcessMemory
    - Suspicious use of SetThreadContext

    C:\Windows\SysWOW64\msiexec.exe  (depth 3)
      command line: msiexec.exe
      PID: 1504
      - Suspicious use of AdjustPrivilegeToken
      - Blacklisted process makes network request