Analysis
-
max time kernel
159s -
max time network
173s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
06/12/2022, 21:15
General
-
Target
e40b33611d00a12722eb6353309d601add33efe094bb7446bf353dfcca3f343f.dll
-
Size
9KB
-
MD5
55ec52dd210c9b5d0cacb5f3168e3b83
-
SHA1
749b9a3bbbc29815757bb012081bc302e057770c
-
SHA256
e40b33611d00a12722eb6353309d601add33efe094bb7446bf353dfcca3f343f
-
SHA512
c7d07de20925c7b3e2c30040103fd7f02b24e441126b9af3faeec2d34efc1d4aebc06b6309f5922f0ab4af05fe4698671ad3ae372feebeef4cc71d9c10549f91
-
SSDEEP
192:N7ibKA976N00e8CtJNe9+Mt105n6/bsmA:NWbr76N0ZNJY99m6E
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e40b33611d00a12722eb6353309d601add33efe094bb7446bf353dfcca3f343f.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e40b33611d00a12722eb6353309d601add33efe094bb7446bf353dfcca3f343f.dll,#13⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-