Analysis
max time kernel: 4265064s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 17-01-2022 01:29
Static task: static1

Behavioral task: behavioral1
Sample: Frkmlkdkdubkznbkmcf.dll
Resource: win7-en-20211208, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Frkmlkdkdubkznbkmcf.dll
Resource: win10v2004-en-20220113, windows10-2004_x64
0 signatures, 0 seconds
General
Target: Frkmlkdkdubkznbkmcf.dll
Size: 273KB
MD5: e61518ae9454a563b8f842286bbdb87b
SHA1: 82d29b52e35e7938e7ee610c04ea9daaf5e08e90
SHA256: 9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d
SHA512: 7a30af55518eb2f125ad475b3e495b9beebcc7cba2adf5d9edf3aa1a9e0a351b53df430061089cdcebe3073364754ccad4d2ca22b05c84c925089a0229f04e6e
Score: 1/10
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: MusNotification.exe
description | ioc | process
Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | MusNotification.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | MusNotification.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes: MusNotification.exe
description | pid | process
Token: SeShutdownPrivilege | 1156 | MusNotification.exe
Token: SeCreatePagefilePrivilege | 1156 | MusNotification.exe
Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Frkmlkdkdubkznbkmcf.dll,#1

C:\Windows\system32\MusNotification.exe
C:\Windows\system32\MusNotification.exe
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken