Analysis
-
max time kernel
156s -
max time network
180s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
24-01-2022 01:17
General
-
Target
b2bc8b74846b6caa644107fe50a7a7ae7d44fc6a2e154064d742ec3daf81cfbc.dll
-
Size
164KB
-
MD5
1929607abe0a6247be80b1ad7f272890
-
SHA1
39de4e83c82237c92d1cceaddf010362642141ed
-
SHA256
b2bc8b74846b6caa644107fe50a7a7ae7d44fc6a2e154064d742ec3daf81cfbc
-
SHA512
c77660e1d51f644635197f6afa9e57fdfaedaf7d24550816ad105fdf737d87dfab9935ec092c2e3af115127e0c05a35900f8be83e051a9fe71d2fb4b0560e0e1
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b2bc8b74846b6caa644107fe50a7a7ae7d44fc6a2e154064d742ec3daf81cfbc.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b2bc8b74846b6caa644107fe50a7a7ae7d44fc6a2e154064d742ec3daf81cfbc.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 7963⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3488-119-0x0000000003440000-0x0000000003441000-memory.dmpFilesize
4KB
-
memory/3488-118-0x0000000001240000-0x000000000124A000-memory.dmpFilesize
40KB
-
memory/3488-120-0x0000000003450000-0x0000000003451000-memory.dmpFilesize
4KB
-
memory/3488-121-0x0000000003730000-0x0000000003731000-memory.dmpFilesize
4KB
-
memory/3488-122-0x0000000003740000-0x0000000003746000-memory.dmpFilesize
24KB