Analysis
-
max time kernel
121s -
max time network
161s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
24-01-2022 01:36
General
-
Target
8d4ce23030414f443249c64ef0560fdc3e80502497b92d3d51a0ec370d457021.dll
-
Size
164KB
-
MD5
b914a72f794b8d7fb07219bbad04466f
-
SHA1
379d200d7d4d412762b84478f9a7017691363234
-
SHA256
8d4ce23030414f443249c64ef0560fdc3e80502497b92d3d51a0ec370d457021
-
SHA512
52f4cb79dce89d4a7bb5c2aeeeb9db7085a59fc73c36f92620595e17bf1b67208914a0c823d31d3f7ad428517da7d4a12b2dbd27a533d6c2067fa7dc665e03f7
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8d4ce23030414f443249c64ef0560fdc3e80502497b92d3d51a0ec370d457021.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8d4ce23030414f443249c64ef0560fdc3e80502497b92d3d51a0ec370d457021.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 8123⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2704-118-0x0000000002860000-0x0000000002B54000-memory.dmpFilesize
3.0MB
-
memory/2704-119-0x0000000002860000-0x0000000002B54000-memory.dmpFilesize
3.0MB
-
memory/2704-120-0x0000000005740000-0x0000000005741000-memory.dmpFilesize
4KB
-
memory/2704-121-0x00000000057D0000-0x00000000057D1000-memory.dmpFilesize
4KB
-
memory/2704-122-0x00000000057E0000-0x00000000057E6000-memory.dmpFilesize
24KB