Overview

overview

10

Static

static

ac2071e4dc...72.dll

windows7_x64

7

ac2071e4dc...72.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    62s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-05-2022 00:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac2071e4dc5422825963da4f321466c4d3376498902b0ea1aa56e1e6ef576572.dll

  • Size

    3.4MB

  • MD5

    1dc00acdb581b52fbc009ffa34997d8e

  • SHA1

    141f592b11ec85b523d5bd56905a54956e20a4b6

  • SHA256

    ac2071e4dc5422825963da4f321466c4d3376498902b0ea1aa56e1e6ef576572

  • SHA512

    168f48276a5dd084351340ec34af97c6a6c189ba6f614af2046d31ba12d50cdda71a7f23f2ee1e50030f9d060e5bd5a3fe32e76d87ab7e0313dd237238bb92ab

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 47 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac2071e4dc5422825963da4f321466c4d3376498902b0ea1aa56e1e6ef576572.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac2071e4dc5422825963da4f321466c4d3376498902b0ea1aa56e1e6ef576572.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1932
      • C:\Windows\SysWOW64\extrac32.exe
        "C:\Windows\system32\extrac32.exe"
        3⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:960
        • C:\Users\Admin\AppData\Local\Temp\cmd.exe
          "C:\Users\Admin\AppData\Local\Temp\cmd.exe"
          4⤵
            PID:1168

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\cmd.exe
      Filesize

      295KB

      MD5

      ad7b9c14083b52bc532fba5948342b98

      SHA1

      ee8cbf12d87c4d388f09b4f69bed2e91682920b5

      SHA256

      17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae

      SHA512

      e12aad20c824187b39edb3c7943709290b5ddbf1b4032988db46f2e86da3cf7e7783f78c82e4dc5da232f666b8f9799a260a1f8e2694eb4d0cdaf78da710fde1

      Download Submit
    • memory/960-58-0x0000000000000000-mapping.dmp
      Download
    • memory/960-60-0x00000000043C0000-0x0000000004442000-memory.dmp
      Filesize

      520KB

      Download
    • memory/960-61-0x0000000076E30000-0x0000000076FD9000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/960-62-0x00000000008D0000-0x00000000008D8000-memory.dmp
      Filesize

      32KB

      Download
    • memory/960-63-0x00000000043C6000-0x00000000043D6000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1932-54-0x0000000000000000-mapping.dmp
      Download
    • memory/1932-55-0x0000000075C71000-0x0000000075C73000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1932-56-0x0000000001DA0000-0x0000000002126000-memory.dmp
      Filesize

      3.5MB

      Download
    • memory/1932-57-0x0000000000110000-0x0000000000119000-memory.dmp
      Filesize

      36KB

      Download