Overview

overview

1

Static

static

talisman.dll

windows7_x64

1

talisman.dll

windows10-2004_x64

1

Resubmissions

21-02-2023 10:44

230221-ms9t3sgd3y 10

29-03-2022 09:37

220329-llf3rahafr 1

Analysis

  • max time kernel
    4294179s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    29-03-2022 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    talisman.dll

  • Size

    228KB

  • MD5

    c6c6162cca729c4da879879b126d27c0

  • SHA1

    80e5fd86127de526be75ef42ebc390fb0d559791

  • SHA256

    344fc6c3211e169593ab1345a5cfa9bcb46a4604fe61ab212c9316c0d72b0865

  • SHA512

    8e28e787bbb5f88211657148478351807c19cc47c2a1665f802927d9d6c9c0b0b6e0fb52e424aad011cdf70464feffbb1f2929a7ba37f69d758f85b337b55bf6

Score
1/10

Malware Config

Signatures

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\talisman.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\talisman.dll,#1
      2⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/280-54-0x0000000000000000-mapping.dmp

    Download

  • memory/280-55-0x0000000076851000-0x0000000076853000-memory.dmp

    Filesize

    8KB

    Download