Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
01-12-2021 18:24
General
-
Target
0x000100000001ab31-114.dat.dll
-
Size
11KB
-
MD5
fccff8cb7a1067e23fd2e2b63971a8e1
-
SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91
-
SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
-
SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0x000100000001ab31-114.dat.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0x000100000001ab31-114.dat.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 2243⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1176-55-0x0000000000000000-mapping.dmp
-
memory/1176-56-0x0000000075821000-0x0000000075823000-memory.dmpFilesize
8KB
-
memory/1500-57-0x0000000000000000-mapping.dmp
-
memory/1500-59-0x0000000000550000-0x0000000000551000-memory.dmpFilesize
4KB