Analysis

  • max time kernel
    125s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    19-04-2021 10:13

General

  • Target

    ismvxl.woc.dll

  • Size

    419KB

  • MD5

    5a52b1494c7929a2ef4d2e6d485358e8

  • SHA1

    a78dbd06aef4815e272f476695989706a5432e8d

  • SHA256

    e4fdba0b24b4184ddafe6add29b6d3415e26422e3752a81d049cb888791aabf3

  • SHA512

    d9d76e7ef16394af4576f187cab4fc5e6653c62c4bb092a76a4c0cc4d9209f31b13eeed3533d5e13c969bc7cc7fcd436867cca345fd3677f953f488a91b0eb25

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ismvxl.woc.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ismvxl.woc.dll,#1
      2⤵
        PID:3192
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 652
          3⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2520

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3192-115-0x0000000004B70000-0x0000000004B83000-memory.dmp
    Filesize: 76KB
  • memory/3192-118-0x00000000030D0000-0x00000000030DC000-memory.dmp
    Filesize: 48KB
  • memory/3192-119-0x00000000030F0000-0x00000000030FF000-memory.dmp
    Filesize: 60KB