Analysis
-
max time kernel
141s -
max time network
141s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
08-07-2020 10:55
General
-
Target
12247d199abb0dbf81620305bdd1e90bef650f81979ae4bedd535b130d1f55e9.dll
-
Size
143KB
-
MD5
7c806cf272e18891b99f3bd41f53527e
-
SHA1
b48de6a13d8b45f9887b4341b08240038d728294
-
SHA256
12247d199abb0dbf81620305bdd1e90bef650f81979ae4bedd535b130d1f55e9
-
SHA512
0adc983cec97fcecd9af2ca71de2d62a0bfa06f60b3a412b0e7dac35117b2976498b3f38ef5eb803c7a7750d1ee834a221a8098550332335947497bc4223e9ba
Score
10/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Adds Run entry to start application 2 TTPs 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Blacklisted process makes network request 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\12247d199abb0dbf81620305bdd1e90bef650f81979ae4bedd535b130d1f55e9.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\12247d199abb0dbf81620305bdd1e90bef650f81979ae4bedd535b130d1f55e9.dll,#12⤵
- Adds Run entry to start application
- Blacklisted process makes network request
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 10803⤵
- Program crash
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB