Overview

overview

10

Static

static

10

Wolfteam/Hack.exe

windows7_x64

10

Wolfteam/Hack.exe

windows10_x64

10

Wolfteam/S...RT.dll

windows7_x64

Wolfteam/S...RT.dll

windows10_x64

Wolfteam/a..._0.dll

windows7_x64

Wolfteam/a..._0.dll

windows10_x64

Wolfteam/a..._0.dll

windows7_x64

Wolfteam/a..._0.dll

windows10_x64

Wolfteam/a..._0.dll

windows7_x64

Wolfteam/a..._0.dll

windows10_x64

Wolfteam/a..._0.dll

windows7_x64

1

Wolfteam/a..._0.dll

windows10_x64

1

Wolfteam/python27.dll

windows7_x64

Wolfteam/python27.dll

windows10_x64

Analysis

  • max time kernel
    29s
  • max time network
    13s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    25-03-2021 22:00

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Wolfteam/SpeedTreeRT.dll

  • Size

    1.7MB

  • MD5

    1ac3d612389fa679f5ca3c6bab855145

  • SHA1

    2f4f279d0c99c112db1adee5a3c324d0355fcbf5

  • SHA256

    ddba9b9b427d541ebc0bf1221fffc5d56a85d7b8ee0dfe6370a83a133da6967b

  • SHA512

    847376db96f3a3c1ab844fbf066f4e0e05b203769d7ca04fdf2463e86fc99ea1589054d1cc10ff70e45a5fb82a9e103edc2aa17b76cd94497cd49fedb6e06788

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wolfteam\SpeedTreeRT.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Wolfteam\SpeedTreeRT.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 228
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1444
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1272
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:320

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/320-10-0x0000000002820000-0x0000000002821000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1272-7-0x000007FEFC2C1000-0x000007FEFC2C3000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1272-8-0x00000000027C0000-0x00000000027C1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1444-4-0x0000000000000000-mapping.dmp
        Download
      • memory/1444-5-0x0000000002090000-0x00000000020A1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/1444-6-0x00000000004F0000-0x00000000004F1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1640-2-0x0000000000000000-mapping.dmp
        Download
      • memory/1640-3-0x00000000756A1000-0x00000000756A3000-memory.dmp
        Filesize

        8KB

        Download