Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
14-01-2022 14:16
General
-
Target
04c8d0-8sDqomArlxY5SzhKWD7x6QXAZjojt.dll
-
Size
172KB
-
MD5
ffd349bb84a19f1e9b9d6e68c63170cc
-
SHA1
ed19130acf6c9f930522f9c0caed53dd0f2523c3
-
SHA256
04c8d0427fba79b1c0e640c473441ff6503657749b1709ee85f0912fb6ba3448
-
SHA512
df7d731f45ecbdff19823a5c487d20cb78c97f400cd0895aaf52f9667b5fe3966a57a9928ab2a47667187e66b7cae3e39c36d06ad0c81f3a7a8007a335b2a078
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\04c8d0-8sDqomArlxY5SzhKWD7x6QXAZjojt.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\04c8d0-8sDqomArlxY5SzhKWD7x6QXAZjojt.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 2323⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/952-57-0x0000000000000000-mapping.dmp
-
memory/952-58-0x0000000000530000-0x0000000000531000-memory.dmpFilesize
4KB
-
memory/1660-55-0x0000000000000000-mapping.dmp
-
memory/1660-56-0x0000000076141000-0x0000000076143000-memory.dmpFilesize
8KB