Overview

overview

10

Static

static

10

file.dll

windows7_x64

1

file.dll

windows10_x64

10

Analysis

  • max time kernel
    30s
  • max time network
    80s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-11-2020 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.dll

  • Size

    164KB

  • MD5

    f1d7748df9fa1f8dbe8af1551d6500b8

  • SHA1

    795f3d5a7481859135323e8996fda1709b157ca8

  • SHA256

    c3ed8705aecf16a07e86717d4dd6a33847cf0b87bb2d58e56a502bbf952d5f03

  • SHA512

    3c1e77f113367f7ec7a492d8f8140afa124d0359ea05883adbe732527073415799990f9b4bb6492bf10eb5eb2117feeb8c799b282caf9a2c7c8f0f0907fe0a4f

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:972
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.dll,#1
      2⤵
        PID:1748
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 796
          3⤵
          • Suspicious use of NtCreateProcessExOtherParentProcess
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:904

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/904-1-0x00000000044A0000-0x00000000044A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/904-8-0x0000000004C10000-0x0000000004C11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1748-0-0x0000000000000000-mapping.dmp
      Download
    • memory/1748-3-0x0000000000000000-mapping.dmp
      Download
    • memory/1748-2-0x0000000000000000-mapping.dmp
      Download
    • memory/1748-4-0x0000000000000000-mapping.dmp
      Download
    • memory/1748-5-0x0000000000000000-mapping.dmp
      Download
    • memory/1748-6-0x0000000000000000-mapping.dmp
      Download