1776f6da8c520fd5753480ed1900040cffaa86edf51220b6b7c45af74c9514ce

Analysis

max time kernel
402s
max time network
406s
platform
windows10_x64
resource
win10-20220414-en
submitted
29-06-2022 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

glcheck.dll
Size

43KB
MD5

ababce15b20848b530dfdd65c001d0e3
SHA1

72c917b56b11635f2b8f2996a48301cab251b78e
SHA256

1776f6da8c520fd5753480ed1900040cffaa86edf51220b6b7c45af74c9514ce
SHA512

920a155394dfecdd83418a0ea6285456d2148f7ca3bc406feb10ea5e0af79e6cf736e0980b319f0b37a4dca2b5949863cfe2c833377d799695b5bb445134d18a

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

2072 powershell.exe
2072 powershell.exe
2072 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 2072 powershell.exe

pid	process
2072	powershell.exe
2072	powershell.exe
2072	powershell.exe

description	pid	process
Token: SeDebugPrivilege	2072	powershell.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

rundll32.exepowershell.execmd.exeregsvr32.exe

description	pid	process	target process
PID 4408 wrote to memory of 2556	4408	rundll32.exe	rundll32.exe
PID 4408 wrote to memory of 2556	4408	rundll32.exe	rundll32.exe
PID 4408 wrote to memory of 2556	4408	rundll32.exe	rundll32.exe
PID 2072 wrote to memory of 3104	2072	powershell.exe	cmd.exe
PID 2072 wrote to memory of 3104	2072	powershell.exe	cmd.exe
PID 3104 wrote to memory of 3640	3104	cmd.exe	regsvr32.exe
PID 3104 wrote to memory of 3640	3104	cmd.exe	regsvr32.exe
PID 3640 wrote to memory of 3716	3640	regsvr32.exe	regsvr32.exe
PID 3640 wrote to memory of 3716	3640	regsvr32.exe	regsvr32.exe
PID 3640 wrote to memory of 3716	3640	regsvr32.exe	regsvr32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\glcheck.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4408

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\glcheck.dll,#1
2⤵
PID:2556

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2072

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:3104

C:\Windows\system32\regsvr32.exe
regsvr32 glcheck.dll
3⤵
- Suspicious use of WriteProcessMemory
PID:3640

C:\Windows\SysWOW64\regsvr32.exe
glcheck.dll
4⤵
PID:3716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2072-174-0x000001D534570000-0x000001D534592000-memory.dmp

Filesize
136KB

Download
memory/2072-205-0x000001D534BB0000-0x000001D534C26000-memory.dmp

Filesize
472KB

Download
memory/2072-194-0x000001D5324D0000-0x000001D53250C000-memory.dmp

Filesize
240KB

Download
memory/2556-151-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-133-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-122-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-123-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-124-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-125-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-126-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-127-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-128-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-129-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-130-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-132-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-131-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-153-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-134-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-135-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-136-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-137-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-138-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-139-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-140-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-141-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-142-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-143-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-154-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-145-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-146-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-147-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-148-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-149-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-150-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-117-0x0000000000000000-mapping.dmp

Download
memory/2556-160-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-121-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-144-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-155-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-156-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-157-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-158-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-159-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-152-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-161-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-162-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-164-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-163-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-165-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-166-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-167-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-168-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-120-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-119-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/2556-118-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3104-221-0x0000000000000000-mapping.dmp

Download
memory/3640-224-0x0000000000000000-mapping.dmp

Download
memory/3716-226-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-229-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-227-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-228-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-232-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-225-0x0000000000000000-mapping.dmp

Download
memory/3716-230-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-231-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-233-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-234-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-235-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-236-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-237-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download
memory/3716-238-0x0000000077670000-0x00000000777FE000-memory.dmp

Filesize
1.6MB

Download