Analysis

  • max time kernel
    359s
  • max time network
    363s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/02/2023, 16:36

General

  • Target

    2.dll

  • Size

    600KB

  • MD5

    bb9ee18a287e480555e8ea6af3f0097e

  • SHA1

    85a19f2f3faa2b5cdc1953d17ccbb3a2ae5663d7

  • SHA256

    880b3686ee03e3e2d4771f8d4dfe0f5d57b216860d42542e5f1275fb7bd8153b

  • SHA512

    c0023fe59f176808362bb1ec4df22964fbd0cbbf00223ec87b85790fbd01d45018db0c6a60e91baa6adff27888633db5eaa2f15e6b6560599fd6a253ac19f6a4

  • SSDEEP

    12288:dt1VOakzj7hpQynG+6g1zJACP406bvcgW+oJfu+3:dt/xk37hyyzl1BP4fto9u+3

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:912
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2.dll,#1
      2⤵
      PID:1496
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:608
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x460
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1476

Network

MITRE ATT&CK Matrix
