d28c2fa96a805366ca56a9e2e5610acebc45f901ffe9b9e92c9d00283ba056b7

Analysis

max time kernel
139s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2023, 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UMPDC.dll
Size

308KB
MD5

219a143ddaf6e1c99f02dcd33e9b1bf6
SHA1

f7ea6246e19a5c0c9b7a88eaf9cc3c805da02c64
SHA256

8fa172c99d07f9698995519b6916f5ecd01a968c3c85b5bd687beb5f6ee2c84c
SHA512

6f61992258f700f7f5b32447e70e4533cc254b238750c466d579749407f254798e954368ea3f86d36850edb3ef122465f54ccfd0dbdb66d10ac184b660a86654
SSDEEP

6144:eKx5P6ThlhYOnmbao0BibQs4jdb+UQjQD6XpXDRg2ehocEjr:eK6ThlhpKao0ADcb+XXVVe3Ej

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3856	rdpclip.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3856	rdpclip.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1512	rundll32.exe
Token: SeDebugPrivilege	3856	rdpclip.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 3856	1512	rundll32.exe	81
PID 1512 wrote to memory of 3856	1512	rundll32.exe	81
PID 1512 wrote to memory of 3856	1512	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UMPDC.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\System32\rdpclip.exe
  "C:\Windows\System32\rdpclip.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1512-137-0x000001FD94C90000-0x000001FD94C91000-memory.dmp

Filesize
4KB

Download
memory/1512-135-0x000001FD94C80000-0x000001FD94C81000-memory.dmp

Filesize
4KB

Download
memory/1512-134-0x000001FD91DE0000-0x000001FD91DE1000-memory.dmp

Filesize
4KB

Download
memory/1512-138-0x00007FFF9E8E0000-0x00007FFF9F3A1000-memory.dmp

Filesize
10.8MB

Download
memory/1512-139-0x000001FD94C70000-0x000001FD94C80000-memory.dmp

Filesize
64KB

Download
memory/1512-140-0x000001FD94DC0000-0x000001FD94DC1000-memory.dmp

Filesize
4KB

Download
memory/1512-141-0x000001FD94C70000-0x000001FD94C80000-memory.dmp

Filesize
64KB

Download
memory/1512-142-0x000001FD94DD0000-0x000001FD94DD1000-memory.dmp

Filesize
4KB

Download
memory/1512-143-0x000001FD94C70000-0x000001FD94C80000-memory.dmp

Filesize
64KB

Download
memory/1512-146-0x00007FFF9E8E0000-0x00007FFF9F3A1000-memory.dmp

Filesize
10.8MB

Download
memory/1512-133-0x000001FD91DD0000-0x000001FD91DD1000-memory.dmp

Filesize
4KB

Download
memory/3856-153-0x0000000180000000-0x0000000180029000-memory.dmp

Filesize
164KB

Download
memory/3856-145-0x0000000180000000-0x0000000180029000-memory.dmp

Filesize
164KB

Download
memory/3856-136-0x000001C425460000-0x000001C425485000-memory.dmp

Filesize
148KB

Download
memory/3856-154-0x00007FFF9E8E0000-0x00007FFF9F3A1000-memory.dmp

Filesize
10.8MB

Download
memory/3856-155-0x000001C43F9C0000-0x000001C43F9D0000-memory.dmp

Filesize
64KB

Download
memory/3856-156-0x000001C43F9C0000-0x000001C43F9D0000-memory.dmp

Filesize
64KB

Download
memory/3856-157-0x000001C43F9C0000-0x000001C43F9D0000-memory.dmp

Filesize
64KB

Download
memory/3856-158-0x00007FFF9E8E0000-0x00007FFF9F3A1000-memory.dmp

Filesize
10.8MB

Download
memory/3856-159-0x000001C43F9C0000-0x000001C43F9D0000-memory.dmp

Filesize
64KB

Download
memory/3856-160-0x000001C43F9C0000-0x000001C43F9D0000-memory.dmp

Filesize
64KB

Download
memory/3856-161-0x000001C43F9C0000-0x000001C43F9D0000-memory.dmp

Filesize
64KB

Download