Overview

overview

10

Static

static

10b9b1d8f6...in.dll

windows7_x64

10

10b9b1d8f6...in.dll

windows10-2004_x64

5

Analysis

  • max time kernel
    1s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    25-05-2022 09:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10b9b1d8f6bafd9bb57ccfb1da4a658f10207d566781fa5fb3c4394d283e860e.bin.dll

  • Size

    21KB

  • MD5

    a60c5212d52fe1488d2f82989a2947d2

  • SHA1

    0a744d6c76902d28eb6687d66c18b0a354f29b9d

  • SHA256

    10b9b1d8f6bafd9bb57ccfb1da4a658f10207d566781fa5fb3c4394d283e860e

  • SHA512

    afd14daa5bd9448e09f25d561e8be34e16f93a2825129d165e817a4a2a3ffc339efefd6f26e78c4853acfbce7f51c88b81601324b123d8c377d72da15dcf9327

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:2708
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
      1⤵
        PID:2812
      • C:\Windows\system32\taskhostw.exe
        taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
        1⤵
          PID:2924
        • C:\Windows\Explorer.EXE
          C:\Windows\Explorer.EXE
          1⤵
            PID:2952
            • C:\Windows\system32\rundll32.exe
              rundll32.exe C:\Users\Admin\AppData\Local\Temp\10b9b1d8f6bafd9bb57ccfb1da4a658f10207d566781fa5fb3c4394d283e860e.bin.dll,#1
              2⤵
              • Suspicious use of SetThreadContext
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: MapViewOfSection
              PID:3648

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads