Overview

overview

10

Static

static

10

03e7aaf552...bb.dll

windows7_x64

1

03e7aaf552...bb.dll

windows10_x64

1

16b04fe267...b7.dll

windows7_x64

1

16b04fe267...b7.dll

windows10_x64

1

2c4b454fe3...d6.dll

windows7_x64

1

2c4b454fe3...d6.dll

windows10_x64

1

6ba6d85cc3...ad.dll

windows7_x64

1

6ba6d85cc3...ad.dll

windows10_x64

1

80e8788a7f...05.dll

windows7_x64

1

80e8788a7f...05.dll

windows10_x64

1

971b2ad87c...0a.dll

windows7_x64

3

971b2ad87c...0a.dll

windows10_x64

3

9ccf017ae4...32.dll

windows7_x64

1

9ccf017ae4...32.dll

windows10_x64

1

cb0cbf5026...80.dll

windows7_x64

1

cb0cbf5026...80.dll

windows10_x64

1

ebd5039cce...19.dll

windows7_x64

1

ebd5039cce...19.dll

windows10_x64

1

f2a4209796...fc.dll

windows7_x64

1

f2a4209796...fc.dll

windows10_x64

1

Analysis

  • max time kernel
    13s
  • max time network
    101s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    30-03-2021 11:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    971b2ad87ced696d68e9476f746735096bf22656331b7bdf3b3f325c2ae1950a.dll

  • Size

    8.3MB

  • MD5

    3ada446f10c2dc41e0e15d698b651db2

  • SHA1

    3fbe80c5ea88f96eae4cddc0f69d61c5b0b04a64

  • SHA256

    971b2ad87ced696d68e9476f746735096bf22656331b7bdf3b3f325c2ae1950a

  • SHA512

    0d6b9ecaa1b3ca82e7e2f9ce03a5bb3d876a4c1b8b4c6fa65f3f5566c05b6a2c19af7c85398a9ada7c0da0535f7439cad719c52d3ab5e54858ed4a25bd825a67

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\971b2ad87ced696d68e9476f746735096bf22656331b7bdf3b3f325c2ae1950a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\971b2ad87ced696d68e9476f746735096bf22656331b7bdf3b3f325c2ae1950a.dll,#1
      2⤵
        PID:1328
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 600
          3⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4008

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1328-2-0x0000000000000000-mapping.dmp
      Download
    • memory/4008-3-0x00000000049F0000-0x00000000049F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4008-4-0x0000000004DF0000-0x0000000004DF1000-memory.dmp
      Filesize

      4KB

      Download