Analysis

  • max time kernel
    24s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    25-11-2020 08:32

General

  • Target

    923753.jpg.dll

  • Size

    2.9MB

  • MD5

    3887099911b9df16a1eff94599b00871

  • SHA1

    5e9944de761d8cc337c3783429762cdfae11f3d6

  • SHA256

    ccdc26c2d4de251147a00140aba26f4cc4e9bf8420fc68994318f2038eda9edb

  • SHA512

    d857da4058fe7e82f1752df49d76b863f431d1ee425a641ab3b50ec39d6db0e03470da472f8cdb5a776cd8b2d2bf1f2a52b22599da705889cae03a401ded58ee

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe (PID: 732)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\923753.jpg.dll,#1
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (PID: 3920, child of 732)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\923753.jpg.dll,#1
      • C:\Windows\SysWOW64\WerFault.exe (PID: 212, child of 3920)
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 640
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix

Downloads

  • memory/212-1-0x00000000046B0000-0x00000000046B1000-memory.dmp (Filesize: 4KB)
  • memory/212-4-0x0000000004AE0000-0x0000000004AE1000-memory.dmp (Filesize: 4KB)
  • memory/3920-0-0x0000000000000000-mapping.dmp
  • memory/3920-3-0x0000000000000000-mapping.dmp
  • memory/3920-2-0x0000000000000000-mapping.dmp