Overview

overview

3

Static

static

3

664ebba93f...6c.dll

windows7-x64

1

664ebba93f...6c.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2023, 08:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    664ebba93fd4471d8964aebcd641a9a6b7efcf4b0199351a647e31da666d4e6c.dll

  • Size

    264KB

  • MD5

    125e8df063b02addc75f91424f9b2a15

  • SHA1

    6e844606e4bc8721974d897722e617c670141d5a

  • SHA256

    664ebba93fd4471d8964aebcd641a9a6b7efcf4b0199351a647e31da666d4e6c

  • SHA512

    39f66d3b8be851eabde2926e1692c9e59b13f6c1ad597d650c0f8170d6b212f9211ed09debab02fd363ce70c57f5a578e801a0e138032c8e09731f3408928c2c

  • SSDEEP

    3072:a4Eft7YfsurdfToIjEyBNXRVclFjQC2mC0dv4Jtd9i/OSxA131xOiDStPsZShpHS:atiGOHDXv2OJtd9i/txARjOVsAOYcJ

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\664ebba93fd4471d8964aebcd641a9a6b7efcf4b0199351a647e31da666d4e6c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\664ebba93fd4471d8964aebcd641a9a6b7efcf4b0199351a647e31da666d4e6c.dll,#1
      2⤵
        PID:4456
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:400
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2096

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2096-0-0x00000225E0680000-0x00000225E0690000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2096-16-0x00000225E0780000-0x00000225E0790000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2096-32-0x00000225E8AF0000-0x00000225E8AF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2096-34-0x00000225E8B20000-0x00000225E8B21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2096-35-0x00000225E8B20000-0x00000225E8B21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2096-36-0x00000225E8C30000-0x00000225E8C31000-memory.dmp

        Filesize

        4KB

        Download