Analysis
-
max time kernel
123s -
max time network
174s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
24-01-2022 01:23
General
-
Target
a733760b6ec283f103e8eeca99a1fc6ff7173f7f5c49912db3293060fb6f9bf1.dll
-
Size
164KB
-
MD5
f8c6aa1221cff707326a236c866f35cd
-
SHA1
17f5791a8744921e9f4f18c6413fded352f126ef
-
SHA256
a733760b6ec283f103e8eeca99a1fc6ff7173f7f5c49912db3293060fb6f9bf1
-
SHA512
dcbc7f416250403b64d9bf16c80b46a3018dfddd74fc2d731eaa5ec1ad4f22644b66ff566443a42abf979c1ab0980fa48118396796ac0e5f1d11eb220694161e
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a733760b6ec283f103e8eeca99a1fc6ff7173f7f5c49912db3293060fb6f9bf1.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a733760b6ec283f103e8eeca99a1fc6ff7173f7f5c49912db3293060fb6f9bf1.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 8043⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2020-116-0x00000000057C0000-0x00000000057C1000-memory.dmpFilesize
4KB
-
memory/2020-115-0x00000000057B0000-0x00000000057BA000-memory.dmpFilesize
40KB
-
memory/2020-117-0x00000000057D0000-0x00000000057D1000-memory.dmpFilesize
4KB
-
memory/2020-118-0x0000000005860000-0x0000000005861000-memory.dmpFilesize
4KB
-
memory/2020-119-0x0000000005870000-0x0000000005876000-memory.dmpFilesize
24KB