f94ac83ca87f16beb8dadebb57fc564a69c32416df82f5533699a395414356d1

Analysis

max time kernel
179s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2023, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Astolfo-Beta/natives/libmfxsw32.dll
Size

15.4MB
MD5

6980f97a2a92dce04c5cce88028bd160
SHA1

e5d5daf7b8ce47bd2ecbc34a28357d5a16f7262a
SHA256

39aa5129f3e61473de411a3e286a8ab2a410436923bbaa9320610de30ee1df5f
SHA512

954b75290c1223fd9652389b16f24dd7e5ed4bc1028b1be857c555248eda8b8b1c6414d36af529dec82adae303bdbc2138fa735f0d31a009bb415347756a32d9
SSDEEP

196608:JdsQK8Wj/go87dBJA+qsIX0DSFzFveFVlNSmfJzPmFpfaGUaDHxnQ7doP5hlt1Ya:PeV8o87dB30B1lti9q

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1516	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1560	2084	rundll32.exe	86
PID 2084 wrote to memory of 1560	2084	rundll32.exe	86
PID 2084 wrote to memory of 1560	2084	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Astolfo-Beta\natives\libmfxsw32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Astolfo-Beta\natives\libmfxsw32.dll,#1
  2⤵
  PID:1560

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4528

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1516-0-0x000001D75D740000-0x000001D75D750000-memory.dmp

Filesize
64KB

Download
memory/1516-16-0x000001D75D840000-0x000001D75D850000-memory.dmp

Filesize
64KB

Download
memory/1516-32-0x000001D765E30000-0x000001D765E31000-memory.dmp

Filesize
4KB

Download
memory/1516-33-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-34-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-35-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-36-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-37-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-38-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-39-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-40-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-41-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-42-0x000001D765E60000-0x000001D765E61000-memory.dmp

Filesize
4KB

Download
memory/1516-44-0x000001D765A70000-0x000001D765A71000-memory.dmp

Filesize
4KB

Download
memory/1516-43-0x000001D765A80000-0x000001D765A81000-memory.dmp

Filesize
4KB

Download
memory/1516-46-0x000001D765A80000-0x000001D765A81000-memory.dmp

Filesize
4KB

Download
memory/1516-49-0x000001D765A70000-0x000001D765A71000-memory.dmp

Filesize
4KB

Download
memory/1516-52-0x000001D7659B0000-0x000001D7659B1000-memory.dmp

Filesize
4KB

Download
memory/1516-64-0x000001D765BB0000-0x000001D765BB1000-memory.dmp

Filesize
4KB

Download
memory/1516-66-0x000001D765BC0000-0x000001D765BC1000-memory.dmp

Filesize
4KB

Download
memory/1516-67-0x000001D765BC0000-0x000001D765BC1000-memory.dmp

Filesize
4KB

Download
memory/1516-68-0x000001D765CD0000-0x000001D765CD1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads