Overview

overview

8

Static

static

8

0051ec3ce2...00.dll

windows7-x64

5

0051ec3ce2...00.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    74s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll

  • Size

    170KB

  • MD5

    44f16435d573f1df05091576f434d5e0

  • SHA1

    2801909c1b907d2f7d70ff67cdf04246236e4eba

  • SHA256

    0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900

  • SHA512

    d74c7e0a553a19ceb4df8486dc7ee1e8400cba5de64bcdb93a89328b9956aa0d8ebd2b43fcebd4319f98f3ddde1e802e8ae5ad899ba45fa3340ea551d8903aa8

  • SSDEEP

    3072:UTtvejdXwDj5cciTeLOjRrJyRQFmHftiqibIojqlfI1+EWvqj:C2XPbGO1JSIwftiqisoelfVa

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll,#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1960-132-0x0000000000000000-mapping.dmp
    Download