Overview

overview

10

Static

static

10

ecaa2b46d7...3c.dll

windows7_x64

6

ecaa2b46d7...3c.dll

windows10_x64

6

Analysis

  • max time kernel
    123s
  • max time network
    130s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-01-2022 00:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ecaa2b46d7bf529aa93f2a7e20b912ab3edd641d37ee755595daaa94cd62b83c.dll

  • Size

    115KB

  • MD5

    ea79b4e7b34aac0dedbf42d7778ca3f4

  • SHA1

    7d15cc9bf05c60588aef9a0aebe7e5cca7fb78b8

  • SHA256

    ecaa2b46d7bf529aa93f2a7e20b912ab3edd641d37ee755595daaa94cd62b83c

  • SHA512

    01ba5b74647365f00998fa6aa529406a3e6d30db27db2f2113dc7cb0cb1ad131cefec491f8e218ea87bdc8d51ec285911b1532d9f6eee92aafa7e2cea6124f92

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecaa2b46d7bf529aa93f2a7e20b912ab3edd641d37ee755595daaa94cd62b83c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecaa2b46d7bf529aa93f2a7e20b912ab3edd641d37ee755595daaa94cd62b83c.dll,#1
      2⤵
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      PID:2892
  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
      PID:776

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads