Overview

overview

10

Static

static

10

7e682a5a64...5c.dll

windows7_x64

3

7e682a5a64...5c.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    04-02-2022 16:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c.dll

  • Size

    37KB

  • MD5

    86f803bc46706fb543f147ab108cf358

  • SHA1

    4960d039f6e951b6fbb1df04d3d3351d558d29a5

  • SHA256

    7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c

  • SHA512

    ee6200da84267fd32005512eaaab2bce021592d40c9424a443c289ad0769d0b131b5b771e819c6bf42308823bc4f4c9356ae2e541fbaf7fca1e40eccbf32e4f4

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e682a5a643eb9d96a3b3e248caa879ba6c08c960f8d97337d7060e146d2475c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1112 -s 168
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2044-54-0x000007FEFB771000-0x000007FEFB773000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2044-55-0x0000000001C30000-0x0000000001C31000-memory.dmp

    Filesize

    4KB

    Download