Overview

overview

10

Static

static

championship.inf.dll

windows7_x64

10

championship.inf.dll

windows10_x64

10

Resubmissions

15-09-2021 06:42

210915-hgtlhadaer 10

14-09-2021 08:06

210914-jzwz1sacfj 10

10-09-2021 11:57

210910-n4w8ssdbdp 10

08-09-2021 11:10

210908-m965hshefk 10

Analysis

  • max time kernel
    59s
  • max time network
    60s
  • platform
    windows10_x64
  • resource
    win10-en
  • submitted
    15-09-2021 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    championship.inf.dll

  • Size

    2.0MB

  • MD5

    0b7da6388091ff9d696a18c95d41b587

  • SHA1

    6c10d7d88606ac1afd30b4e61bf232329a276cdc

  • SHA256

    6eedf45cb91f6762de4e35e36bcb03e5ad60ce9ac5a08caeb7eda035cd74762b

  • SHA512

    45b26e8f9885dca6f4e1984fc39cb4c2a5b5988c970f35dde987b7a5a8417acbe5e972a6602071e903425f91a9095c7c289e574c3bad3039324185ad85d06a9a

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 2 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Deletes itself 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\championship.inf.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4044
  • C:\Program Files\Windows Mail\wabmig.exe
    "C:\Program Files\Windows Mail\wabmig.exe"
    1⤵
    • Process spawned unexpected child process
    PID:4048
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -c "Sleep 5 ; Remove-Item -Path "C:\Users\Admin\AppData\Local\Temp\championship.inf.dll" -Force
    1⤵
    • Process spawned unexpected child process
    • Deletes itself
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1256-120-0x0000025F1F470000-0x0000025F1F472000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1256-122-0x0000025F1F473000-0x0000025F1F475000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1256-123-0x0000025F06DA0000-0x0000025F06DA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1256-127-0x0000025F20750000-0x0000025F20751000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1256-139-0x0000025F1F476000-0x0000025F1F478000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4044-115-0x00007FFD486C0000-0x00007FFD486D0000-memory.dmp
    Filesize

    64KB

    Download