Overview

overview

1

Static

static

1

f8b8860ff3...d1.dll

windows7-x64

1

f8b8860ff3...d1.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    126s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/10/2023, 14:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f8b8860ff3f1ad575ffeb7ed71f5cdb19150c1deca06ac2cd8da90980aa28bd1.dll

  • Size

    1.2MB

  • MD5

    4ad13d8d333c3d76aa89eda18283688f

  • SHA1

    4f15cd2ba95a991b5e3191f43a54eb21e5293238

  • SHA256

    f8b8860ff3f1ad575ffeb7ed71f5cdb19150c1deca06ac2cd8da90980aa28bd1

  • SHA512

    a087df5369f6e6862c5727d51c50216946809bbf66b707410f6c680b19dc4402c38b1f67563b516d0dc1506a639dbe2f72a07be11e8d921ecc36987ec8ca3838

  • SSDEEP

    24576:drW8pIMhY2IW7aDVjx1btrM0+7L3baMVfMmpCERkId+ysrEH7bP:dy2IyIzx3S3dzpCERkId++P

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8b8860ff3f1ad575ffeb7ed71f5cdb19150c1deca06ac2cd8da90980aa28bd1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8b8860ff3f1ad575ffeb7ed71f5cdb19150c1deca06ac2cd8da90980aa28bd1.dll,#1
      2⤵
        PID:4140
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:5104
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3440

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3440-0-0x0000022BA5240000-0x0000022BA5250000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3440-16-0x0000022BA5340000-0x0000022BA5350000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3440-32-0x0000022BAD630000-0x0000022BAD631000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3440-34-0x0000022BAD660000-0x0000022BAD661000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3440-35-0x0000022BAD660000-0x0000022BAD661000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3440-36-0x0000022BAD770000-0x0000022BAD771000-memory.dmp

        Filesize

        4KB

        Download