Analysis
-
max time kernel
1533s -
max time network
1575s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
14-04-2023 01:58
General
-
Target
ASTRAL 2.0/DNGRTx64.dll
-
Size
5.3MB
-
MD5
a428c3e775add87c7915381a88061888
-
SHA1
aaf1ef5d8924e92961bf81d07c2d6886e1e01585
-
SHA256
ddeb3041ff32da6d6a98e90941ec18f45b7a8afb2b738394de3073d774dfde4a
-
SHA512
29f8d8787e41370e0373bd01021783190fb752f6b37881462ebf7edd9bda9f530f59c125c3ca1ba8f88dde1200a3015868eaf718a9ad09ffc2ad6396a0f098d1
-
SSDEEP
98304:yTPCS2FAxDgcE2WT6GFmtMImE2g5gKU/eh8ZnPbLMvlllmUjTF3WlN/vd:hcD7mCtXmpd/egPbLMvXQ+GlBd
Score
5/10
Malware Config
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\ASTRAL 2.0\DNGRTx64.dll",#11⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2688 -s 3402⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 184 -p 2688 -ip 26881⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2688-133-0x00007FFE03510000-0x00007FFE03512000-memory.dmpFilesize
8KB
-
memory/2688-134-0x00007FFE03520000-0x00007FFE03522000-memory.dmpFilesize
8KB
-
memory/2688-135-0x00007FFDE4800000-0x00007FFDE50E2000-memory.dmpFilesize
8.9MB
-
memory/2688-138-0x000002123A6C0000-0x000002123A6C1000-memory.dmpFilesize
4KB