Resubmissions

22-02-2022 16:12

220222-tnr7ssahd4 10

29-12-2021 16:43

211229-t8h5madfcj 10

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    29-12-2021 16:43

General

  • Target

    entry-64.tmp.dll

  • Size

    160KB

  • MD5

    d6444f52777f52f5a18dfa8d30fe8ce2

  • SHA1

    68be9b3164b7b7f133bb0242b77e88b04bc03b08

  • SHA256

    6c358edb2a4ffa59ffcd066960f937db7f95cf646ea2792bc5efbe8b3072dae7

  • SHA512

    f5d6ee66748d9d51cab0b3e85a451dcaccdbee04eb31e5dcd6f019a3f08b4818134d5c0d41dd2991c152a6292d34e81495d19dbd5eb51da16ecb60def5625179

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\entry-64.tmp.dll,#1
    1⤵
      PID:3772
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 3772 -s 376
        2⤵
        • Suspicious use of NtCreateProcessExOtherParentProcess
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:356

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3772-118-0x00007FF75CD30000-0x00007FF75CD35000-memory.dmp
    Filesize
    20KB