Overview

overview

10

Static

static

Datop/test.test.dll

windows7_x64

1

Datop/test.test.dll

windows10_x64

3

Datop/test1.test.dll

windows7_x64

10

Datop/test1.test.dll

windows10_x64

10

Datop/test2.test.dll

windows7_x64

1

Datop/test2.test.dll

windows10_x64

3

specificat...09.xls

windows7_x64

10

specificat...09.xls

windows10_x64

10

qrzteemm.dll

windows7_x64

10

qrzteemm.dll

windows10_x64

10

specificat...09.xls

windows7_x64

10

specificat...09.xls

windows10_x64

10

Analysis

  • max time kernel
    96s
  • max time network
    98s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    24-09-2021 17:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Datop/test2.test.dll

  • Size

    297KB

  • MD5

    be3f95b2ff9a56376525fa48c9db1553

  • SHA1

    f3db37da2369b083f8828bc8ba5ac4c7232983d4

  • SHA256

    868246c1861a22c681d47fdc102215a9c9f7551985f6abcbfb7b983f1cffadbe

  • SHA512

    2ea4b718f870d509c5e2b51954fefe4e916f705f7820963e37e14f7285612beca2c78181a9ba016855d08c74b51ef5d002d0da79b9dde0a82dccc1a83f67e59f

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Datop\test2.test.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Datop\test2.test.dll,#1
      2⤵
        PID:916
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 580
          3⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1052

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads