Analysis

  • max time kernel
    14s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-02-2021 20:47

General

  • Target

    1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c.dll

  • Size

    313KB

  • MD5

    35abfb98dac5bf48f7ac0e67afc9bdb7

  • SHA1

    9185029c2630b220a74620c8f3d04886a457e1cf

  • SHA256

    1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c

  • SHA512

    93f1336e3bc7ac01561f0ad7ce5fec7ae078e55db0f5b0cf0663cb5dbbe2acb08f27490da179e27579debc04843bf02f047456c516bf0345ba827e0efe85149a

Score
3/10

Malware Config

Signatures

  • Program crash (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (14 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c.dll,#1
    1⤵
      PID:412
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 412 -s 284
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2348

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2348-2-0x00000219F9DE0000-0x00000219F9DE1000-memory.dmp
    Filesize: 4KB