Analysis
-
max time kernel
44s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
23-11-2022 17:19
General
-
Target
a76c24417760d6caaeed0c4877c5b4bd9d102a799ac7ed2b54776d0dac4828a7.dll
-
Size
680KB
-
MD5
52b1afc34157497a7c5d9106166e9160
-
SHA1
effbfe7baad847b78caca1a4f80460c4e9a27beb
-
SHA256
a76c24417760d6caaeed0c4877c5b4bd9d102a799ac7ed2b54776d0dac4828a7
-
SHA512
2b81cb93b39f781e2d8e4a0de4e02133fb231a9f0f9d1fa27cbb5e9c4a6b58be4785c945099fba6075048a50511a7558788776a31cfb9b11c2fb759886700368
-
SSDEEP
12288:X2DFtdILWpX2ihzx7/21n8PwvgqUGKrW7lVEhBTiyLlW6ASMJg/6gP2rHcJMJ6iX:X2DXdISpmi37/2hdOA9xZX
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a76c24417760d6caaeed0c4877c5b4bd9d102a799ac7ed2b54776d0dac4828a7.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a76c24417760d6caaeed0c4877c5b4bd9d102a799ac7ed2b54776d0dac4828a7.dll,#12⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 3003⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1920-56-0x0000000000000000-mapping.dmp
-
memory/1932-54-0x0000000000000000-mapping.dmp
-
memory/1932-55-0x0000000076181000-0x0000000076183000-memory.dmpFilesize
8KB
-
memory/1932-57-0x0000000010000000-0x00000000100BE000-memory.dmpFilesize
760KB