Overview

overview

10

Static

static

10

1817a5bf9c...0c.dll

windows10_x64

3

Analysis

  • max time kernel
    97s
  • max time network
    100s
  • platform
    windows10_x64
  • resource
    win10-20220223-en
  • submitted
    25/02/2022, 20:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c.dll

  • Size

    313KB

  • MD5

    35abfb98dac5bf48f7ac0e67afc9bdb7

  • SHA1

    9185029c2630b220a74620c8f3d04886a457e1cf

  • SHA256

    1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c

  • SHA512

    93f1336e3bc7ac01561f0ad7ce5fec7ae078e55db0f5b0cf0663cb5dbbe2acb08f27490da179e27579debc04843bf02f047456c516bf0345ba827e0efe85149a

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c.dll,#1
    1⤵
      PID:2264
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2264 -s 284
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4072
    • C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "C:\Users\Admin\Desktop\StopRevoke.potx"
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:3980

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3980-114-0x00007FFF951F0000-0x00007FFF95200000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3980-115-0x00007FFF951F0000-0x00007FFF95200000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3980-116-0x00007FFF951F0000-0x00007FFF95200000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3980-117-0x00007FFF951F0000-0x00007FFF95200000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3980-120-0x00007FFFD5205000-0x00007FFFD5206000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3980-121-0x00007FFFD396B000-0x00007FFFD396C000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3980-319-0x00007FFF951F0000-0x00007FFF95200000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3980-320-0x00007FFF951F0000-0x00007FFF95200000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3980-321-0x00007FFF951F0000-0x00007FFF95200000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3980-322-0x00007FFF951F0000-0x00007FFF95200000-memory.dmp

            Filesize

            64KB

            Download