Analysis
- max time kernel: 301s
- max time network: 318s
- platform: windows10-1703_x64
- resource: win10-20220812-en
- resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 23-11-2022 07:55

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: msedge_elf.dll
  - Resource: win10-20220812-en (windows10-1703-x64)
  - 4 signatures, 300 seconds
General
- Target: msedge_elf.dll
- Size: 252KB
- MD5: c5481de244297c9e345260d8e8b43f79
- SHA1: d6636814696a0ba62d21ba0818fda8511329db57
- SHA256: 62e264f08ba58ec478c09d929bc602ec7b1c0948c01385d3e7d082485e23b48d
- SHA512: a7b36fc33f5bfc2b9d9673dd511c11fd8fdc8a23c2db149c1c5f630ca6a296213277e46d9c9c338865cf0e97103e1719aa7fafdf8db1abf5de294d45c467c7df
- SSDEEP: 6144:5pJVdzTTSTaaO49TBnWdLogIHOruCe+vdSXYVMXDX2mj:lZ49TQdLogIurpe+QBD
- Score: 1/10
Malware Config
- (none)

Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
  pid   process
  2796  rundll32.exe
  2796  rundll32.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description              pid   process
  Token: SeDebugPrivilege  2796  rundll32.exe
- Suspicious use of UnmapMainImage (1 IoC)
  Processes:
  pid   process
  980   spoolsv.exe
- Suspicious use of WriteProcessMemory (1 IoC)
  Processes:
  description                       pid   process       target process
  PID 2796 wrote to memory of 980   2796  rundll32.exe  spoolsv.exe
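The four signature hits above, re-derived from a constructed API trace. This is an added example, not part of this report and not the sandbox's own signature engine: the event format, the API names grouped in `ENUM_APIS` and `SENSITIVE_PRIVS`, and the `region == "main_image"` convention are assumptions chosen so that the output matches the pids and counts the report shows. It also correlates the cross-process write with the target's main-image unmap, a join the report itself does not make.

```python
"""Re-derive the report's behavioural signatures from a constructed API trace.

Added example. The trace below is CONSTRUCTED to reproduce the pids,
images and IoC counts in the report; the rule logic is an assumption about
how such a signature table could be produced from a per-process API log.
"""
from collections import defaultdict

# Assumed API sets behind two of the signature names.
ENUM_APIS = {"CreateToolhelp32Snapshot", "Process32First", "Process32Next",
             "EnumProcesses", "NtQuerySystemInformation"}
SENSITIVE_PRIVS = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege"}

# Constructed trace: (pid, image, api, args). Two enumeration calls, one
# SeDebugPrivilege enable, one cross-process write, one self write (ignored),
# one main-image unmap in the target, one unrelated unmap (ignored).
TRACE = [
    (2796, "rundll32.exe", "CreateToolhelp32Snapshot", {"flags": "TH32CS_SNAPPROCESS"}),
    (2796, "rundll32.exe", "Process32Next", {}),
    (2796, "rundll32.exe", "AdjustTokenPrivileges", {"privilege": "SeDebugPrivilege", "enable": True}),
    (2796, "rundll32.exe", "OpenProcess", {"target_pid": 980}),
    (2796, "rundll32.exe", "WriteProcessMemory", {"target_pid": 2796}),   # self: not an IoC
    (2796, "rundll32.exe", "WriteProcessMemory", {"target_pid": 980}),
    (980, "spoolsv.exe", "NtUnmapViewOfSection", {"region": "main_image"}),
    (980, "spoolsv.exe", "NtUnmapViewOfSection", {"region": "other_dll"}),  # not main image
]

SIG_ENUM = "Suspicious behavior: EnumeratesProcesses"
SIG_PRIV = "Suspicious use of AdjustPrivilegeToken"
SIG_WPM = "Suspicious use of WriteProcessMemory"
SIG_UNMAP = "Suspicious use of UnmapMainImage"


def match_signatures(trace):
    """Return {signature name: [IoC dict, ...]} for the given trace."""
    images = {pid: image for pid, image, _, _ in trace}
    hits = defaultdict(list)
    for pid, image, api, args in trace:
        if api in ENUM_APIS:
            hits[SIG_ENUM].append({"pid": pid, "process": image})
        elif api == "AdjustTokenPrivileges" and args.get("enable") \
                and args.get("privilege") in SENSITIVE_PRIVS:
            hits[SIG_PRIV].append({"description": f"Token: {args['privilege']}",
                                   "pid": pid, "process": image})
        elif api == "WriteProcessMemory" and args.get("target_pid") not in (None, pid):
            tpid = args["target_pid"]
            hits[SIG_WPM].append({"description": f"PID {pid} wrote to memory of {tpid}",
                                  "pid": pid, "process": image,
                                  "target_pid": tpid,
                                  "target process": images.get(tpid, "?")})
        elif api == "NtUnmapViewOfSection" and args.get("region") == "main_image":
            hits[SIG_UNMAP].append({"pid": pid, "process": image})
    return dict(hits)


def summarize(hits):
    """IoC count per signature, as shown in the report's headings."""
    return {name: len(iocs) for name, iocs in hits.items()}


def per_process(hits):
    """Signatures attributed to each (pid, image), as in the process tree."""
    out = defaultdict(set)
    for name, iocs in hits.items():
        for ioc in iocs:
            out[(ioc["pid"], ioc["process"])].add(name)
    return {key: sorted(names) for key, names in out.items()}


def injection_candidates(hits):
    """(writer pid, target pid) pairs where the write target also unmapped
    its own main image. The report lists these as two separate IoCs; this
    join is the example's own correlation, not a verdict from the report."""
    unmappers = {ioc["pid"] for ioc in hits.get(SIG_UNMAP, [])}
    return sorted((ioc["pid"], ioc["target_pid"])
                  for ioc in hits.get(SIG_WPM, []) if ioc["target_pid"] in unmappers)


if __name__ == "__main__":
    found = match_signatures(TRACE)
    for name, count in summarize(found).items():
        print(f"{name} ({count} IoC{'s' if count != 1 else ''})")
        for ioc in found[name]:
            print("   ", ioc)
    print("per process:", per_process(found))
    print("write + main-image unmap pairs:", injection_candidates(found))
```

Run it as a script to print the same table the report shows; on a real trace the `summarize` counts are what a triage queue would key on, and `injection_candidates` is the kind of cross-process join worth adding on top of per-process IoCs.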
Processes
- C:\Windows\system32\rundll32.exe (tree level 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\msedge_elf.dll,#1
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
- C:\Windows\System32\spoolsv.exe (tree level 1)
  Command line: C:\Windows\System32\spoolsv.exe
  - Suspicious use of UnmapMainImage