Analysis

  • max time kernel
    268s
  • max time network
    301s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    04-10-2021 19:56

General

  • Target

    Listen.dll

  • Size

    1.1MB

  • MD5

    54a3bcca6b1eb92adb299a46df941826

  • SHA1

    6988e010056d88985b8e8f8de06706327779d3ca

  • SHA256

    c4ab81d7b7d44dd6dfc4f2b69dbe3f22fbf23c1ae49ab8edac2d26f85ae4514d

  • SHA512

    4e4f10abf8a97f649060cb3eaa125a487141a42b87d2dc1449d87531d927031279bd7b48a3859ffa8f5d4400deea77022ecb00c61de8511756dc9c0d27e3f150

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Listen.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Listen.dll,#1
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3888
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3740
      • C:\Windows\system32\rundll32.exe
        rundll32 Listen.dll,asd
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3760
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32 Listen.dll,asd
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3652
  • C:\Windows\system32\osk.exe
    "C:\Windows\system32\osk.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2660
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2812
  • C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" -Embedding
    1⤵
    PID:3192
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2460

Network

MITRE ATT&CK Matrix


Downloads

  • memory/784-120-0x000001CE55E00000-0x000001CE55E01000-memory.dmp
    Filesize

    4KB

  • memory/784-138-0x000001CE562A0000-0x000001CE562A1000-memory.dmp
    Filesize

    4KB

  • memory/784-141-0x000001CE53DF0000-0x000001CE53DF2000-memory.dmp
    Filesize

    8KB

  • memory/784-143-0x000001CE53DF3000-0x000001CE53DF5000-memory.dmp
    Filesize

    8KB

  • memory/784-151-0x000001CE56360000-0x000001CE56361000-memory.dmp
    Filesize

    4KB

  • memory/3652-175-0x0000000000000000-mapping.dmp
  • memory/3652-178-0x0000000003250000-0x0000000003251000-memory.dmp
    Filesize

    4KB

  • memory/3652-177-0x0000000072B50000-0x0000000073586000-memory.dmp
    Filesize

    10.2MB

  • memory/3740-171-0x0000000000000000-mapping.dmp
  • memory/3760-174-0x0000000000000000-mapping.dmp
  • memory/3888-114-0x0000000000000000-mapping.dmp
  • memory/3888-160-0x0000000000B20000-0x0000000000B21000-memory.dmp
    Filesize

    4KB

  • memory/3888-159-0x0000000072B50000-0x0000000073586000-memory.dmp
    Filesize

    10.2MB

  • memory/3888-158-0x0000000072B50000-0x0000000072B7A000-memory.dmp
    Filesize

    168KB