Overview

overview

10

Static

static

10

0d6a10df6e...a0.dll

windows7_x64

5

0d6a10df6e...a0.dll

windows10_x64

5

Analysis

  • max time kernel
    123s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    03-08-2021 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d6a10df6eeb1dbb88b4d625873ed13daa367e165374a72daa16170af3ee31a0.dll

  • Size

    299KB

  • MD5

    d9a7c058d91a93047e925c8e2f37dcc0

  • SHA1

    4cd12b4fd8ddc3dad8c515c2e01fe71f0736cfa2

  • SHA256

    0d6a10df6eeb1dbb88b4d625873ed13daa367e165374a72daa16170af3ee31a0

  • SHA512

    8cc311cb0c90781fcebd50370746bfdb7f58747c4b76341c86a88ee3ee9fe54a45abf02618c747a3dbe937536a628997a601f1b283658fc251a8f202d3887b10

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d6a10df6eeb1dbb88b4d625873ed13daa367e165374a72daa16170af3ee31a0.dll,#1
    1⤵
    • Drops file in System32 directory
    PID:360
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {BE13E0F2-6B9C-4EA6-A154-4AE0F82B0BD0} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1296
    • C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe -u
      2⤵
        PID:760

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads