Analysis

  • max time kernel
    162s
  • max time network
    177s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-01-2022 00:56

General

  • Target

    d7a15f872a64811b74f40992df2f45f7f800ee88775e50cc0ab02d7d9247de51.dll

  • Size

    164KB

  • MD5

    7d202172c49d60aa1847d90bd284114f

  • SHA1

    1cab5eedcd7390806332a2f25d264e79395e1005

  • SHA256

    d7a15f872a64811b74f40992df2f45f7f800ee88775e50cc0ab02d7d9247de51

  • SHA512

    a4cc0b5645d44d13fab043b20602dc9730d36825f75df19743f1d26821dd1c5a7f86d4f2470702d46368032db72a3087484afff768ba7a3441029f75d91b5dfb

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7a15f872a64811b74f40992df2f45f7f800ee88775e50cc0ab02d7d9247de51.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1440
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7a15f872a64811b74f40992df2f45f7f800ee88775e50cc0ab02d7d9247de51.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2176
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 652
        3⤵
        • Program crash
        PID:3960
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 652
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1016

Network

MITRE ATT&CK Matrix
