96ca4cc3d47e4c189a8afd8e8ae5d20a3c489adb741576b68d837293f4522f3e

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f270202cd88b045630f6d2dec6d5823aa08aa66949b9ccd20f6e924c7992fea7.dll
Size

280KB
MD5

70c93643ff5171a362e05f41306f0c16
SHA1

b9d039157ed90a742b451eb26303dff9d5899d54
SHA256

f270202cd88b045630f6d2dec6d5823aa08aa66949b9ccd20f6e924c7992fea7
SHA512

e2a91befcf5c1a36a65c22e9006356e953692ae2589c49dbca0a0f42bc6ba39693ef878b0f46ac7798876d9bd7e4785a947d2b513635fb470184aceb590bb49d
SSDEEP

6144:Thtm8v2uUVUF7zn26P6zBPlTCcU1yhOIlzFdnqVX+28UcWt:Vtm4UiF7z2S69P9C1y7iVX+LWt

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2716 set thread context of 3460	2716	rundll32.exe	87

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3460	WWAHost.exe
3460	WWAHost.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
2716	rundll32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3460	WWAHost.exe
Token: SeManageVolumePrivilege	3552	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 3460	2716	rundll32.exe	87
PID 2716 wrote to memory of 3460	2716	rundll32.exe	87
PID 2716 wrote to memory of 3460	2716	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f270202cd88b045630f6d2dec6d5823aa08aa66949b9ccd20f6e924c7992fea7.dll,#1
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\system32\WWAHost.exe
  C:\Windows\system32\WWAHost.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3460

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3672

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2716-0-0x00007FF8DD4B0000-0x00007FF8DD6A5000-memory.dmp

Filesize
2.0MB

Download
memory/2716-1-0x00007FF8DC6C0000-0x00007FF8DC77E000-memory.dmp

Filesize
760KB

Download
memory/3460-2-0x000001B683DE0000-0x000001B683E22000-memory.dmp

Filesize
264KB

Download
memory/3460-3-0x00007FF8DD4B0000-0x00007FF8DD6A5000-memory.dmp

Filesize
2.0MB

Download
memory/3460-4-0x00007FF8DC6C0000-0x00007FF8DC77E000-memory.dmp

Filesize
760KB

Download
memory/3460-7-0x0000000180000000-0x0000000180041000-memory.dmp

Filesize
260KB

Download
memory/3460-12-0x00007FF8BF8A0000-0x00007FF8C0361000-memory.dmp

Filesize
10.8MB

Download
memory/3460-14-0x000001B69E5F0000-0x000001B69E600000-memory.dmp

Filesize
64KB

Download
memory/3460-13-0x000001B685BF0000-0x000001B685C30000-memory.dmp

Filesize
256KB

Download
memory/3460-16-0x000001B69E5F0000-0x000001B69E600000-memory.dmp

Filesize
64KB

Download
memory/3460-15-0x000001B69E5F0000-0x000001B69E600000-memory.dmp

Filesize
64KB

Download
memory/3460-17-0x000001B685CC0000-0x000001B685CC6000-memory.dmp

Filesize
24KB

Download
memory/3460-22-0x00007FF8BF8A0000-0x00007FF8C0361000-memory.dmp

Filesize
10.8MB

Download
memory/3460-23-0x000001B69E5F0000-0x000001B69E600000-memory.dmp

Filesize
64KB

Download
memory/3460-24-0x000001B69E5F0000-0x000001B69E600000-memory.dmp

Filesize
64KB

Download
memory/3552-26-0x000001AE7D740000-0x000001AE7D750000-memory.dmp

Filesize
64KB

Download
memory/3552-64-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-42-0x000001AE7D840000-0x000001AE7D850000-memory.dmp

Filesize
64KB

Download
memory/3552-58-0x000001AE7DE10000-0x000001AE7DE11000-memory.dmp

Filesize
4KB

Download
memory/3552-59-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-60-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-61-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-62-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-63-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-75-0x000001AE7DA50000-0x000001AE7DA51000-memory.dmp

Filesize
4KB

Download
memory/3552-65-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-66-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-67-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-68-0x000001AE7DE40000-0x000001AE7DE41000-memory.dmp

Filesize
4KB

Download
memory/3552-69-0x000001AE7DA60000-0x000001AE7DA61000-memory.dmp

Filesize
4KB

Download
memory/3552-70-0x000001AE7DA50000-0x000001AE7DA51000-memory.dmp

Filesize
4KB

Download
memory/3552-72-0x000001AE7DA60000-0x000001AE7DA61000-memory.dmp

Filesize
4KB

Download
memory/3672-25-0x0000021701F20000-0x0000021702054000-memory.dmp

Filesize
1.2MB

Download