Analysis
-
max time kernel
119s -
max time network
131s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
28-01-2022 14:50
General
-
Target
a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f.dll
-
Size
191KB
-
MD5
b50f30c551998532617a9b652af4d4b5
-
SHA1
a212808f1a9a45cdb2c4eb6284e284a94168e83f
-
SHA256
a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f
-
SHA512
afa9114f191af3da6ba5f4d4048d579aefd42cf81c4be07d7c9df38b81d89d76aba99e4906ac3eb1ed5c11b4d79d8f02a9fdc1cbb8a9a61ae0421a5c74408a06
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a159a9bfb938de686f6aced37a2f7fa62d6ff5e702586448884b70804882b32f.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 2443⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1388-55-0x00000000758A1000-0x00000000758A3000-memory.dmpFilesize
8KB
-
memory/1668-57-0x0000000000770000-0x0000000000771000-memory.dmpFilesize
4KB