Analysis

  • max time kernel
    180s
  • max time network
    211s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 05:58

General

  • Target

    a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520.dll

  • Size

    1009KB

  • MD5

    edf3fe69e57633fcc80b18e5ed34d2d0

  • SHA1

    d3957c112ed7e30e5b11622de546c31da919c874

  • SHA256

    a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520

  • SHA512

    1cfc85aae03424cb267dbe694b6d644e392c5630fda19b681424c504241a3f7c15409a49342c9c438a358ea40974031e7982ecb65fdf150bf05faf84404fd676

  • SSDEEP

    6144:7YAoZe2Pq+my/eyjU4fQYq//t8oXk/a4fJPcu6l8ohteJqBcNOER7bWGug/ozffQ:7Y9ZvcygMQYq/1KBEjSohty1yZs

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4288
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a917ce030ba341373260ddb2b3ab59dd3c49096b2c8358b5e0adbe1bb8a3e520.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4700

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads