Analysis

  • max time kernel
    301s
  • max time network
    318s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23-11-2022 07:55

General

  • Target
    msedge_elf.dll
  • Size
    252KB
  • MD5
    c5481de244297c9e345260d8e8b43f79
  • SHA1
    d6636814696a0ba62d21ba0818fda8511329db57
  • SHA256
    62e264f08ba58ec478c09d929bc602ec7b1c0948c01385d3e7d082485e23b48d
  • SHA512
    a7b36fc33f5bfc2b9d9673dd511c11fd8fdc8a23c2db149c1c5f630ca6a296213277e46d9c9c338865cf0e97103e1719aa7fafdf8db1abf5de294d45c467c7df
  • SSDEEP
    6144:5pJVdzTTSTaaO49TBnWdLogIHOruCe+vdSXYVMXDX2mj:lZ49TQdLogIurpe+QBD

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\msedge_elf.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2796
  • C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    1⤵
    • Suspicious use of UnmapMainImage
    PID:980

Network

MITRE ATT&CK Matrix

Downloads

  • memory/980-119-0x0000000001430000-0x0000000001448000-memory.dmp
    Filesize: 96KB
  • memory/980-123-0x00000000017F0000-0x0000000001829000-memory.dmp
    Filesize: 228KB
  • memory/2796-115-0x00000296C2580000-0x00000296C2598000-memory.dmp
    Filesize: 96KB