Analysis
-
max time kernel
43s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
01-12-2022 06:07
General
-
Target
0dc628754df3fd644ee877e413c0c47db6589136fbbcc17438277d13fa005e44.dll
-
Size
369KB
-
MD5
64f0c94a3dd3d83860784df6190337e0
-
SHA1
024246f6576609379a8710f1127f4468fbfbc17f
-
SHA256
0dc628754df3fd644ee877e413c0c47db6589136fbbcc17438277d13fa005e44
-
SHA512
6675fe84cb5252f4f1193b98df1ec721ee2485ec52cca21ce9f003196531c60f98ee19b0a7d3e1a2e78c9a36634def0400b0f376729fc6f70fa96492f68f93a2
-
SSDEEP
6144:PVA7eS8fqjV94E+m73U52nnhPsYT4qwec0drDt2yCgqb/BOTBMBhUgQ:PgeS8fqjVhD1nmEBdtNCF/BOTeWD
Score
8/10
Malware Config
Signatures
-
Sets DLL path for service in the registry 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0dc628754df3fd644ee877e413c0c47db6589136fbbcc17438277d13fa005e44.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\0dc628754df3fd644ee877e413c0c47db6589136fbbcc17438277d13fa005e44.dll,#12⤵
- Sets DLL path for service in the registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k mysysgroup31⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
Filesize
8KB