Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    01-02-2022 12:38

General

  • Target

    da482b46353f652ea536d29cc0709537512dbee701e8d026497676e8cf4ad36b.dll

  • Size

    52KB

  • MD5

    9bb745f96f1afe73dc77f640d968c8a2

  • SHA1

    f13287ed1cefa1da141005158d8db2f3b1505d08

  • SHA256

    da482b46353f652ea536d29cc0709537512dbee701e8d026497676e8cf4ad36b

  • SHA512

    b5cde3dbd779e9567e98dc63bbbd0ae23aa1d786cb7ce5af1639ef7400764afa26528e811e66310622bd564908edf6c65a385fe5697eee100f7c6a1612848581

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\da482b46353f652ea536d29cc0709537512dbee701e8d026497676e8cf4ad36b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1624 -s 56
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1796

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1796-54-0x000007FEFC321000-0x000007FEFC323000-memory.dmp

    Filesize

    8KB

  • memory/1796-55-0x0000000002150000-0x0000000002151000-memory.dmp

    Filesize

    4KB
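The process tree and the Downloads list above are the two parts of this report an analyst actually reasons over: rundll32.exe loading a hash-named DLL from the user's Temp directory by ordinal (`,#1`), the WerFault.exe child whose `-p 1624` points back at that rundll32 instance, and two memory dumps whose names encode a PID and an address range. The script below is an added example written for this page, not code from the sandbox or from any report tooling; it re-transcribes the two command lines and the two dump names shown above as constructed input, flags the rundll32 invocation on the properties visible here (ordinal entry point, user-writable path, SHA256-style filename), correlates the WerFault `-p` target with the crashed PID and its parent, and checks each dump's listed Filesize against the range in its name. The heuristics and field names are the author's own assumptions for illustration, not a published detection rule.

```python
import re

# Constructed sample input: the two processes from the report above as
# (pid, parent_pid, command_line). The report does not show rundll32's
# own parent, so it is None here.
PROCESSES = [
    (1624, None,
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\da482b46353f652ea536d29cc0709537512dbee701e8d026497676e8cf4ad36b.dll,#1"),
    (1796, 1624,
     r"C:\Windows\system32\WerFault.exe -u -p 1624 -s 56"),
]

# Constructed sample input: the Downloads entries with their listed sizes.
DUMPS = [
    ("memory/1796-54-0x000007FEFC321000-0x000007FEFC323000-memory.dmp", "8KB"),
    ("memory/1796-55-0x0000000002150000-0x0000000002151000-memory.dmp", "4KB"),
]

# rundll32 [path\]rundll32[.exe] <dll>,<entry>   (entry may be a name or #ordinal)
RUNDLL_RE = re.compile(r"""(?ix)
    ^\s*(?:.*\\)?rundll32(?:\.exe)?\s+   # optional path, then rundll32
    (?P<dll>\S+?\.dll)                   # DLL path (no spaces in this sample)
    ,\s*(?P<entry>\S+)                   # export name or ordinal after the comma
""")

# WerFault.exe ... -p <pid>  : the PID WerFault was launched to report on
WERFAULT_RE = re.compile(r"(?i)werfault(?:\.exe)?\s.*?-p\s+(\d+)")

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp")


def classify_rundll32(cmdline):
    """Describe a rundll32 invocation, or return None if this is not one."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None
    dll, entry = m.group("dll"), m.group("entry")
    basename = dll.rsplit("\\", 1)[-1]
    return {
        "dll": dll,
        "entry": entry,
        # Ordinal export (#N) rather than a named export: typical of samples
        # resubmitted for analysis, and worth noting in a detection.
        "ordinal": entry.startswith("#"),
        # Loaded from a user-writable location (AppData or Temp).
        "user_writable": bool(re.search(r"(?i)\\(AppData|Temp)\\", dll)),
        # Filename is a bare SHA256 hex string, as in this report.
        "hash_named": bool(re.fullmatch(r"(?i)[0-9a-f]{64}\.dll", basename)),
    }


def crashed_pids(processes):
    """Map each WerFault PID to the PID named by its -p argument."""
    out = {}
    for pid, _parent, cmd in processes:
        m = WERFAULT_RE.search(cmd)
        if m:
            out[pid] = int(m.group(1))
    return out


def triage(processes):
    """Return one finding per rundll32 process, with crash correlation."""
    crashes = crashed_pids(processes)
    parent_of = {pid: parent for pid, parent, _cmd in processes}
    findings = []
    for pid, _parent, cmd in processes:
        info = classify_rundll32(cmd)
        if info is None:
            continue
        reporters = [w for w, target in crashes.items() if target == pid]
        info["pid"] = pid
        info["crashed"] = bool(reporters)
        # Sanity check: the WerFault instance should also be a direct child
        # of the process it reports on, as it is in this tree.
        info["werfault_is_child"] = any(parent_of.get(w) == pid for w in reporters)
        findings.append(info)
    return findings


def parse_dump_name(name):
    """Split a sandbox dump artifact name into pid, sequence and address range."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def size_matches(name, listed):
    """True if the listed Filesize equals the address range in the name."""
    units = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", listed.strip())
    return parse_dump_name(name)["size"] == int(m.group(1)) * units[m.group(2)]


if __name__ == "__main__":
    for f in triage(PROCESSES):
        print(f)
    for name, listed in DUMPS:
        print(name, "->", parse_dump_name(name), "size ok:", size_matches(name, listed))
```

Running this against the transcribed input reports a single finding: PID 1624 is rundll32 loading a hash-named DLL from Temp by ordinal, and it crashed (WerFault 1796 names it via `-p 1624` and is its child). Both dump names parse to ranges of 0x2000 and 0x1000 bytes, matching the 8KB and 4KB listed. Note that both dumps carry PID 1796, which is WerFault itself, not the crashed rundll32 process; they are not where the DLL's code would be found.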