Overview

overview

10

Static

static

10

d48edfe661...ff.dll

windows7_x64

6

d48edfe661...ff.dll

windows10_x64

6

Analysis

  • max time kernel
    125s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-01-2022 00:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d48edfe661d15d1146923844c2bc79f5992a2c38d4bb60c6d9f67094492194ff.dll

  • Size

    166KB

  • MD5

    46a10b1e1fe68e124c86ee237751fd44

  • SHA1

    78f29761f7f0f57a8f92e5f23d9e4d2d6465e848

  • SHA256

    d48edfe661d15d1146923844c2bc79f5992a2c38d4bb60c6d9f67094492194ff

  • SHA512

    c0fbd92fcb136fd5376efba041d4170eccd8bae219812ef00dfc7edfe26f06b651153bdfa2b01d648ebbbc6901c3205790c26a037f85625c0722173d843e633a

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d48edfe661d15d1146923844c2bc79f5992a2c38d4bb60c6d9f67094492194ff.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3728
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d48edfe661d15d1146923844c2bc79f5992a2c38d4bb60c6d9f67094492194ff.dll,#1
      2⤵
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      PID:684

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads