9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d

Resubmissions

18-01-2022 14:06

220118-rer5bsbeb6 1

17-01-2022 01:29

220117-bv8t1sgfhk 1

Analysis

max time kernel
4265064s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
17-01-2022 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Frkmlkdkdubkznbkmcf.dll
Size

273KB
MD5

e61518ae9454a563b8f842286bbdb87b
SHA1

82d29b52e35e7938e7ee610c04ea9daaf5e08e90
SHA256

9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d
SHA512

7a30af55518eb2f125ad475b3e495b9beebcc7cba2adf5d9edf3aa1a9e0a351b53df430061089cdcebe3073364754ccad4d2ca22b05c84c925089a0229f04e6e

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MusNotification.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MusNotification.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MusNotification.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

MusNotification.exe

description pid process

Token: SeShutdownPrivilege 1156 MusNotification.exe
Token: SeCreatePagefilePrivilege 1156 MusNotification.exe

description	pid	process
Token: SeShutdownPrivilege	1156	MusNotification.exe
Token: SeCreatePagefilePrivilege	1156	MusNotification.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Frkmlkdkdubkznbkmcf.dll,#1
1⤵
PID:3908

C:\Windows\system32\MusNotification.exe
C:\Windows\system32\MusNotification.exe
1⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1156

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads