Overview

overview

10

Static

static

10

2aa995b0a8...48.dll

windows7_x64

1

2aa995b0a8...48.dll

windows10_x64

3

Analysis

  • max time kernel
    184s
  • max time network
    213s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    28-01-2022 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2aa995b0a818fa730f176f261b23dab7a32d49de598ad7dbb35f913a1fa4bd48.dll

  • Size

    134KB

  • MD5

    ad7b4feba1bc01cdc6a6dff64ebe468c

  • SHA1

    bd26238fb7d7e16ea79073d882bba00d34dd859c

  • SHA256

    2aa995b0a818fa730f176f261b23dab7a32d49de598ad7dbb35f913a1fa4bd48

  • SHA512

    e9a9b4213125b11332e10598ff99d5b2304098f0dc742af4f948abd74506a668cbe0e271ea37ca9b1acbc6e410d5236de100ffbadf869137112cb5a6b7a42b96

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2aa995b0a818fa730f176f261b23dab7a32d49de598ad7dbb35f913a1fa4bd48.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2aa995b0a818fa730f176f261b23dab7a32d49de598ad7dbb35f913a1fa4bd48.dll,#1
      2⤵
        PID:3668
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 640
          3⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3148

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads