e76ca47061940f3993b2141f96bca9570ade32e1c4dd36e2e9e03401b45d77b9

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2023, 23:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e76ca47061940f3993b2141f96bca9570ade32e1c4dd36e2e9e03401b45d77b9.dll
Size

2.6MB
MD5

b1bce83faa9763bbdf42cc7ee41ca16d
SHA1

000fc07cf324ce12bd93aa806e4609e4f7e2c1ce
SHA256

e76ca47061940f3993b2141f96bca9570ade32e1c4dd36e2e9e03401b45d77b9
SHA512

6c9afcd65868e76d7f6e83475eb16389083e2bc58706eed89c336ee1433c6886056bd058f8fa3083e7dedc9131bb7c7a176e55a91cdc1d1bfe5f1a4a4c6536a0
SSDEEP

49152:o1wp6M68TSfDi3lG4XPJ2trGpPHWE76TY+s8KuqGaX0ToIBAUZLYsX1SCM:gwp6M68efDi3lG4gKXcJBAUZLM

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	644	WMIC.exe
Token: SeSecurityPrivilege	644	WMIC.exe
Token: SeTakeOwnershipPrivilege	644	WMIC.exe
Token: SeLoadDriverPrivilege	644	WMIC.exe
Token: SeSystemProfilePrivilege	644	WMIC.exe
Token: SeSystemtimePrivilege	644	WMIC.exe
Token: SeProfSingleProcessPrivilege	644	WMIC.exe
Token: SeIncBasePriorityPrivilege	644	WMIC.exe
Token: SeCreatePagefilePrivilege	644	WMIC.exe
Token: SeBackupPrivilege	644	WMIC.exe
Token: SeRestorePrivilege	644	WMIC.exe
Token: SeShutdownPrivilege	644	WMIC.exe
Token: SeDebugPrivilege	644	WMIC.exe
Token: SeSystemEnvironmentPrivilege	644	WMIC.exe
Token: SeRemoteShutdownPrivilege	644	WMIC.exe
Token: SeUndockPrivilege	644	WMIC.exe
Token: SeManageVolumePrivilege	644	WMIC.exe
Token: 33	644	WMIC.exe
Token: 34	644	WMIC.exe
Token: 35	644	WMIC.exe
Token: 36	644	WMIC.exe
Token: SeIncreaseQuotaPrivilege	644	WMIC.exe
Token: SeSecurityPrivilege	644	WMIC.exe
Token: SeTakeOwnershipPrivilege	644	WMIC.exe
Token: SeLoadDriverPrivilege	644	WMIC.exe
Token: SeSystemProfilePrivilege	644	WMIC.exe
Token: SeSystemtimePrivilege	644	WMIC.exe
Token: SeProfSingleProcessPrivilege	644	WMIC.exe
Token: SeIncBasePriorityPrivilege	644	WMIC.exe
Token: SeCreatePagefilePrivilege	644	WMIC.exe
Token: SeBackupPrivilege	644	WMIC.exe
Token: SeRestorePrivilege	644	WMIC.exe
Token: SeShutdownPrivilege	644	WMIC.exe
Token: SeDebugPrivilege	644	WMIC.exe
Token: SeSystemEnvironmentPrivilege	644	WMIC.exe
Token: SeRemoteShutdownPrivilege	644	WMIC.exe
Token: SeUndockPrivilege	644	WMIC.exe
Token: SeManageVolumePrivilege	644	WMIC.exe
Token: 33	644	WMIC.exe
Token: 34	644	WMIC.exe
Token: 35	644	WMIC.exe
Token: 36	644	WMIC.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3732	rundll32.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 3732	1672	rundll32.exe	84
PID 1672 wrote to memory of 3732	1672	rundll32.exe	84
PID 1672 wrote to memory of 3732	1672	rundll32.exe	84
PID 3732 wrote to memory of 3508	3732	rundll32.exe	86
PID 3732 wrote to memory of 3508	3732	rundll32.exe	86
PID 3732 wrote to memory of 3508	3732	rundll32.exe	86
PID 3508 wrote to memory of 644	3508	cmd.exe	89
PID 3508 wrote to memory of 644	3508	cmd.exe	89
PID 3508 wrote to memory of 644	3508	cmd.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e76ca47061940f3993b2141f96bca9570ade32e1c4dd36e2e9e03401b45d77b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e76ca47061940f3993b2141f96bca9570ade32e1c4dd36e2e9e03401b45d77b9.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3732
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c wmic diskdrive get serialnumber
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3508
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic diskdrive get serialnumber
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3732-0-0x0000000003140000-0x0000000003199000-memory.dmp

Filesize
356KB

Download
memory/3732-1-0x0000000003140000-0x0000000003199000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads