Overview

overview

10

Static

static

nameTpl.jpg.dll

windows7_x64

10

nameTpl.jpg.dll

windows10_x64

3

Analysis

  • max time kernel
    10s
  • max time network
    116s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    29-06-2021 02:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nameTpl.jpg.dll

  • Size

    3.0MB

  • MD5

    c5d74107de9630e130f8cfcf53658ea6

  • SHA1

    c3b7ff6ab811df23c6f116d4566c819665685393

  • SHA256

    9822e135cafc24d7d610a2831cd97e13c0f2b3ce1935aadde0bbbcf140395bba

  • SHA512

    9c25d9fb78b7dd441d19f31d6e47788359bc7cf7e8934e9762be81f2747c1264a1ed6ef2f277bc97ce0679fe5f34abe392b14faedc3d587124a26b909edf5db1

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\nameTpl.jpg.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3736
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\nameTpl.jpg.dll
      2⤵
        PID:724
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 628
          3⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2684

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/724-114-0x0000000000000000-mapping.dmp
      Download
    • memory/724-115-0x0000000010000000-0x0000000010037000-memory.dmp
      Filesize

      220KB

      Download
    • memory/724-116-0x00000000008A0000-0x00000000008E3000-memory.dmp
      Filesize

      268KB

      Download