Analysis
-
max time kernel
141s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
18-08-2023 20:27
General
-
Target
ac3952245d3d68f496b192c9b2c5a3e7e9e22136df0fcca91e1237dfa665a975.dll
-
Size
2.4MB
-
MD5
f2470442f3de8f8e0bfbc8c63115e45e
-
SHA1
01f58dd1ac7f7cb4d5120af90829ca424d20d101
-
SHA256
ac3952245d3d68f496b192c9b2c5a3e7e9e22136df0fcca91e1237dfa665a975
-
SHA512
4cbe2d49ee8eed5e5c7273c54fc7a783234b5dd4e0676641bbbfe8dbaa3f9ab70cd4073f692f2e212fea7e140989cb5c5ba0f03fbe4acff730539ff8fd03a1f7
-
SSDEEP
49152:Kc9/eQEkgtzvJsNgJNSH5IWFtnmxiGQKuWXQOhcguRpSontOn7P:v9yagJNyFwx9uO2zSo87
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ac3952245d3d68f496b192c9b2c5a3e7e9e22136df0fcca91e1237dfa665a975.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ac3952245d3d68f496b192c9b2c5a3e7e9e22136df0fcca91e1237dfa665a975.dll,#12⤵
- Blocklisted process makes network request
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.6MB
-
Filesize
12KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
5.6MB