Overview

overview

10

Static

static

10

ac6cefea98...58.dll

windows7_x64

3

ac6cefea98...58.dll

windows10_x64

3

Analysis

  • max time kernel
    3s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    12-11-2020 13:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac6cefea98f8d99848ed620ac10cea79459ffd97d6397dc1f43d1a784f220858.dll

  • Size

    256KB

  • MD5

    9b7cefccf030c4ff50cff54248d4f1fc

  • SHA1

    de707e5f50d5da43766802ac9859bc19b73362cf

  • SHA256

    ac6cefea98f8d99848ed620ac10cea79459ffd97d6397dc1f43d1a784f220858

  • SHA512

    5181b06686cd0edc3b8f72ab81a589329552618a8403b81e96c9139643e2ef4e8b98c8d6980c042e6f404461eacc9201097dc4159b194d2b0925c7edf287a1e7

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac6cefea98f8d99848ed620ac10cea79459ffd97d6397dc1f43d1a784f220858.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1668 -s 108
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1496-0-0x0000000000000000-mapping.dmp
    Download
  • memory/1496-1-0x0000000001F60000-0x0000000001F71000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1496-2-0x0000000002700000-0x0000000002711000-memory.dmp
    Filesize

    68KB

    Download