Overview

overview

10

Static

static

10

15a682524e...30.dll

windows7_x64

1

15a682524e...30.dll

windows10_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    30-01-2022 08:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15a682524e1fd120a22257f511731ee3ab821cfd84dec4441746aadc883b4e30.dll

  • Size

    166KB

  • MD5

    44d4e81b71f5c9c23f51712a1027927d

  • SHA1

    a93c45dfadbc619d12c0c55403e26f15c4da57d8

  • SHA256

    15a682524e1fd120a22257f511731ee3ab821cfd84dec4441746aadc883b4e30

  • SHA512

    985ca60df86a6c2be8c4359e056fb69aff548f650b952f913345d3a79bbada3098c87bd33c32d3a32061febd3bbf67c4305c317108c76c74c6aaf262c77f8e94

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a682524e1fd120a22257f511731ee3ab821cfd84dec4441746aadc883b4e30.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3080
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a682524e1fd120a22257f511731ee3ab821cfd84dec4441746aadc883b4e30.dll,#1
      2⤵
        PID:2000
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 800
          3⤵
          • Suspicious use of NtCreateProcessExOtherParentProcess
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2000-119-0x0000000001100000-0x0000000001101000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2000-118-0x0000000000980000-0x0000000000A2E000-memory.dmp
      Filesize

      696KB

      Download
    • memory/2000-120-0x0000000001110000-0x0000000001111000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2000-121-0x0000000005A50000-0x0000000005A51000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2000-122-0x0000000005BB0000-0x0000000005BB6000-memory.dmp
      Filesize

      24KB

      Download