Resubmissions

16/03/2023, 14:41

230316-r2we9sbc49 3

16/03/2023, 14:41

230316-r2kzjade9x 1

Analysis

  • max time kernel
    55s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/03/2023, 14:41

General

  • Target

    2700000.dll

  • Size

    432KB

  • MD5

    48bfb197c90d573c36b9e663e956e20a

  • SHA1

    5156a2afea820702ceffb01f30206ce8637b638c

  • SHA256

    ab53894c820ba5717a3b43d053fee8dbec2be37f2877b022135a1b097a7a24ad

  • SHA512

    4406f05f65e06128deaffbf55d9e5d80bd55effa94548007ead9998e026f78e296c6324980ebf9323457adc7aebc2e1a226c535b651b32c6f56f58384e621ee5

  • SSDEEP

    12288:MI7ndMfOx7MnnAZWADGK5einHoXnp8YR:DeOZMnAzGK5eiOn+YR

Score
3/10

Malware Config

Signatures

  • Program crash 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2700000.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2700000.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1216
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 224
        3⤵
        • Program crash
        PID:1108
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:472
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x1f0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:640
  • C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\system32\rundll32.exe
      rundll32 2700000.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32 2700000.dll,#1
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1880
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 224
          4⤵
          • Program crash
          PID:2016
    • C:\Windows\system32\rundll32.exe
      rundll32 2700000.dll,Initialize
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32 2700000.dll,Initialize
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:784
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 224
          4⤵
          • Program crash
          PID:1820
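Reading the tree: the sandbox invoked the DLL three ways (ordinal #1 from its full Temp path, then ordinal #1 and the Initialize export from a relative path via cmd.exe). Each time the 64-bit System32 rundll32 hands the DLL off to its SysWOW64 copy, which is the normal handling of a 32-bit DLL on an x64 host (the resource tags list both arch:x86 and arch:x64), and each 32-bit instance is then picked up by WerFault, whose -p argument names the faulting PID (1216, 1880, 784). So neither export ran to completion here. The WriteProcessMemory hits line up with process creation (every flagged process is one that spawned a child) rather than with writes into a foreign process, and the 3/10 score rests only on these generic signatures: a 34 s run with no network activity says nothing about what the exports would do under a different host or loader.

The following Python script is an added example, not part of this report or of any sandbox tool. It takes the process rows as printed above, constructed inline from this page with their depth markers, resolves parent PIDs from those markers, and flags the properties an analyst would check in a rundll32 tree: DLL loaded from a user-writable path, relative DLL path, export called by ordinal, WoW64 relaunch, and a WerFault child for the same PID. The flag names, regexes and heuristics are the example's own.

```python
"""Triage helper for a rundll32 process tree as printed in a sandbox report.

Added example; not part of the report or of any sandbox tool. EVENTS is
constructed from the process tree on this page: (depth from the "N⤵" marker,
PID, image path, command line). Flag names and regexes are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

EVENTS: List[Tuple[int, int, str, str]] = [
    (1, 1716, r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\2700000.dll,#1"),
    (2, 1216, r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\2700000.dll,#1"),
    (3, 1108, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 224"),
    (1, 472, r"C:\Windows\explorer.exe", r'"C:\Windows\explorer.exe"'),
    (1, 640, r"C:\Windows\system32\AUDIODG.EXE",
     r"C:\Windows\system32\AUDIODG.EXE 0x1f0"),
    (1, 1628, r"C:\Windows\System32\cmd.exe", r'"C:\Windows\System32\cmd.exe"'),
    (2, 2040, r"C:\Windows\system32\rundll32.exe", r"rundll32 2700000.dll,#1"),
    (3, 1880, r"C:\Windows\SysWOW64\rundll32.exe", r"rundll32 2700000.dll,#1"),
    (4, 2016, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 224"),
    (2, 1980, r"C:\Windows\system32\rundll32.exe",
     r"rundll32 2700000.dll,Initialize"),
    (3, 784, r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32 2700000.dll,Initialize"),
    (4, 1820, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 224"),
]

# "rundll32[.exe] <dll>,<export>": the DLL may be quoted, the export a name or #ordinal.
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^,\s]+),(?P<export>\S+)',
    re.IGNORECASE)
# WerFault's -p argument is the PID of the process that faulted.
WERFAULT_RE = re.compile(r"werfault\.exe\b.*?\s-p\s+(?P<pid>\d+)", re.IGNORECASE)
# Locations a standard user can write to; a DLL loaded from here deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(?:users\\[^\\]+\\appdata|programdata|temp)\\",
                              re.IGNORECASE)
ABSOLUTE_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


@dataclass
class Proc:
    depth: int
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]


def build_tree(rows: List[Tuple[int, int, str, str]]) -> List[Proc]:
    """Resolve parents from depth markers: a row's parent is the last row at depth-1."""
    procs: List[Proc] = []
    last_at_depth: Dict[int, int] = {}
    for depth, pid, image, cmdline in rows:
        procs.append(Proc(depth, pid, image, cmdline, last_at_depth.get(depth - 1)))
        last_at_depth[depth] = pid
        for d in [d for d in last_at_depth if d > depth]:  # forget stale deeper rows
            del last_at_depth[d]
    return procs


def crashed_pids(rows: List[Tuple[int, int, str, str]]) -> Set[int]:
    """PIDs named by a WerFault -p argument anywhere in the tree."""
    hits: Set[int] = set()
    for _, _, _, cmdline in rows:
        m = WERFAULT_RE.search(cmdline)
        if m:
            hits.add(int(m.group("pid")))
    return hits


def exports_attempted(rows: List[Tuple[int, int, str, str]]) -> List[str]:
    """Distinct rundll32 export specifiers seen in the tree, sorted."""
    found = {m.group("export") for _, _, _, c in rows for m in [RUNDLL_RE.match(c)] if m}
    return sorted(found)


def triage(rows: List[Tuple[int, int, str, str]]) -> List[dict]:
    """One finding per rundll32 process, with sorted flag names."""
    procs = build_tree(rows)
    by_pid = {p.pid: p for p in procs}
    crashed = crashed_pids(rows)
    findings = []
    for p in procs:
        m = RUNDLL_RE.match(p.cmdline)
        if not m:
            continue
        dll, export = m.group("dll").strip('"'), m.group("export")
        flags = []
        if USER_WRITABLE_RE.search(dll):
            flags.append("dll_in_user_writable_path")
        if not ABSOLUTE_RE.match(dll):
            flags.append("relative_dll_path")  # resolved against the caller's cwd, not in the report
        if export.startswith("#"):
            flags.append("export_by_ordinal")
        parent = by_pid.get(p.parent) if p.parent is not None else None
        # 64-bit rundll32 re-launching its SysWOW64 copy to host a 32-bit DLL
        if ("syswow64" in p.image.lower() and parent is not None
                and parent.image.lower().endswith(r"\system32\rundll32.exe")):
            flags.append("wow64_relaunch")
        if p.pid in crashed:
            flags.append("crashed")
        findings.append({"pid": p.pid, "parent": p.parent, "dll": dll,
                         "export": export, "flags": sorted(flags)})
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f"pid={f['pid']:<5} parent={str(f['parent']):<5} "
              f"export={f['export']:<11} {' '.join(f['flags'])}")
```

Run against the rows above it reports six rundll32 processes; the three SysWOW64 instances carry both wow64_relaunch and crashed, and only the first pair (1716/1216) loads the DLL from the user-writable Temp path, the cmd.exe-spawned ones use a relative name. To reuse it on another report, replace EVENTS with that report's rows; the depth marker is the only parent information these reports print, so the tree logic depends on it.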

Network

MITRE ATT&CK Matrix
