Analysis
-
max time kernel
128s -
max time network
168s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
24-01-2022 01:42
General
-
Target
809496d8c7d873967459ae448fadb58d2edacf8a1afca3ee3587e10b68bdf2dc.dll
-
Size
166KB
-
MD5
47145cf0712bfcaa8c256b1d1ae60565
-
SHA1
c6cfb4f4e7dffc3735ca401a2d39126c695599fd
-
SHA256
809496d8c7d873967459ae448fadb58d2edacf8a1afca3ee3587e10b68bdf2dc
-
SHA512
7920596c205496f9ce98fa607cd31049e1738ff7ae49a7728470527182268f180fe551f607a0ad51b8c569578eab82999338b14c134636ada84357dd8b20d4ac
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\809496d8c7d873967459ae448fadb58d2edacf8a1afca3ee3587e10b68bdf2dc.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\809496d8c7d873967459ae448fadb58d2edacf8a1afca3ee3587e10b68bdf2dc.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 7963⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3512-115-0x0000000001050000-0x0000000001073000-memory.dmpFilesize
140KB
-
memory/3512-117-0x0000000001080000-0x0000000001081000-memory.dmpFilesize
4KB
-
memory/3512-116-0x0000000001050000-0x0000000001073000-memory.dmpFilesize
140KB
-
memory/3512-118-0x00000000010E0000-0x00000000010E1000-memory.dmpFilesize
4KB
-
memory/3512-119-0x0000000004900000-0x0000000004906000-memory.dmpFilesize
24KB