Overview

overview

10

Static

static

10

c427a2ce41...f8.dll

windows7_x64

5

c427a2ce41...f8.dll

windows10-2004_x64

8

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    01-02-2022 09:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c427a2ce4158cdf1f320a1033de204097c781475889b284f6815b6d6f4819ff8.dll

  • Size

    340KB

  • MD5

    6ef7c427280a283ebbd0736d0caafb1b

  • SHA1

    f9fa49f868caf4da1b4a2e2a67d402b893bfa372

  • SHA256

    c427a2ce4158cdf1f320a1033de204097c781475889b284f6815b6d6f4819ff8

  • SHA512

    7d934e9878e270699895dfbea65dfdc95c93c1ab0c87ed805210430bf74266600a709e9e1b06b16ab409c7f1c7b3befb77a7b829e2c54df4f55d5a7396b1f6c9

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c427a2ce4158cdf1f320a1033de204097c781475889b284f6815b6d6f4819ff8.dll,#1
    1⤵
    • Drops file in System32 directory
    PID:944
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {5ABD4C6F-22DC-47B0-A750-B20C31ED33AB} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\system32\rundll32.exe
      C:\Windows\system32\rundll32.exe -u
      2⤵
        PID:304

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads