005afae5aa5beec765e74b461177dce8342067c29985ef9c683af7e2d92eeef0 | Triage

Resubmissions

29-11-2022 18:02

221129-wmftgscc67 10

31-01-2022 21:12

220131-z16hvaceh6 8

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-en-20211208
submitted
31-01-2022 21:12

Sharing

Report Analysis Logs

General

Target

005afae5aa5beec765e74b461177dce8342067c29985ef9c683af7e2d92eeef0.dll
Size

149KB
MD5

01f515171b5332a5b888deba32b9d99f
SHA1

20a1b94783ceb41b6e1c476c89fb117efe5f2d3f
SHA256

005afae5aa5beec765e74b461177dce8342067c29985ef9c683af7e2d92eeef0
SHA512

5a88e27058f428bd9c719f66e4019047497ff031a62c22dc4266ffd9f5ab5e321eced9c2d6f5e233ade4680cb41d64aef9df5dcb80af7a5160688cc4c2c11e46

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

rundll32.exe

description pid process

Token: SeDebugPrivilege 1796 rundll32.exe
Token: SeTcbPrivilege 1796 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1928 wrote to memory of 1796	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1796	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1796	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1796	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1796	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1796	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1796	1928	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\005afae5aa5beec765e74b461177dce8342067c29985ef9c683af7e2d92eeef0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\005afae5aa5beec765e74b461177dce8342067c29985ef9c683af7e2d92eeef0.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1796-55-0x0000000076511000-0x0000000076513000-memory.dmp

Filesize
8KB

Download