Analysis

  • max time kernel
    34s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    05-02-2022 13:13

General

  • Target

    8a581dba18ce5bc9819c559a8d9fec2591f6417fb563d630d71c23b8a99118bc.dll

  • Size

    561KB

  • MD5

    d824c870aa2a02eec9791f97ef1adac9

  • SHA1

    4fbe8ad5dfc4281f2bc78789f6e01aa02a0367bc

  • SHA256

    8a581dba18ce5bc9819c559a8d9fec2591f6417fb563d630d71c23b8a99118bc

  • SHA512

    0c65ba3396b404485c108a1d5a378ebeb36efd77fabac2ad23aa5cd07d2ff48b5cddc691c671955fcff618bf77bf70fae371a50f6e145fe4a4fe69e3ba381722

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a581dba18ce5bc9819c559a8d9fec2591f6417fb563d630d71c23b8a99118bc.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3448
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a581dba18ce5bc9819c559a8d9fec2591f6417fb563d630d71c23b8a99118bc.dll,#1
      2⤵
      PID:3804
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2164

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2164-130-0x000001C07A790000-0x000001C07A7A0000-memory.dmp
    Filesize
    64KB

  • memory/2164-137-0x000001C07D410000-0x000001C07D414000-memory.dmp
    Filesize
    16KB