Resubmissions

12-04-2023 09:01

230412-kzbvhsbb72 10

25-05-2022 10:14

220525-l9q8madfeq 10

Analysis

  • max time kernel
    0s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-04-2023 09:01

General

  • Target

    10b9b1d8f6bafd9bb57ccfb1da4a658f10207d566781fa5fb3c4394d283e860e.dll

  • Size

    21KB

  • MD5

    a60c5212d52fe1488d2f82989a2947d2

  • SHA1

    0a744d6c76902d28eb6687d66c18b0a354f29b9d

  • SHA256

    10b9b1d8f6bafd9bb57ccfb1da4a658f10207d566781fa5fb3c4394d283e860e

  • SHA512

    afd14daa5bd9448e09f25d561e8be34e16f93a2825129d165e817a4a2a3ffc339efefd6f26e78c4853acfbce7f51c88b81601324b123d8c377d72da15dcf9327

  • SSDEEP

    384:WMtbZNqOHVeDM0CTotweWWGXWfW03AEXTGYDIvzwXDDAjwUF4U3N4R1H9zcKaYSN:WMtbDp1d0CTqwepGXWfPxGYIwTUV1d4g

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:732
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\10b9b1d8f6bafd9bb57ccfb1da4a658f10207d566781fa5fb3c4394d283e860e.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
        PID:4132
  • C:\Windows\system32\taskhostw.exe
    taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
    1⤵
      PID:2620
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
    1⤵
      PID:2376
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:2356

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2356-133-0x0000026057FC0000-0x0000026057FC4000-memory.dmp

    Filesize
    16KB