Overview

overview

1

Static

static

1

9f4372e7a4...d3.dll

windows7-x64

1

9f4372e7a4...d3.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-10-2023 09:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f4372e7a4204ffb7f41051526e14e87bca856beca7a603551333a98b061fad3.dll

  • Size

    2.5MB

  • MD5

    e566d5ab6ef95f169d7c8d1b7ca99e3f

  • SHA1

    a7ea753ee114e13f3df4d7bacaafc920aa8246d1

  • SHA256

    9f4372e7a4204ffb7f41051526e14e87bca856beca7a603551333a98b061fad3

  • SHA512

    459553443e6509c680f01b74a2e05073989ae0b1a2199141a430b75be3e5fb9cda83adb253d23b67c99e91e1f1dde51f162c511629a04df982cbf3153dea6e12

  • SSDEEP

    49152:rO2eOyo1H/0V9aJdHEJHXTSs6OWFJbtSMXoTLq73xKK6Kaq6K41cC6g6v66666Ek:SZCH/0VjH0OWFJbtSMX3xKvcC6g6v66C

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f4372e7a4204ffb7f41051526e14e87bca856beca7a603551333a98b061fad3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3836
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f4372e7a4204ffb7f41051526e14e87bca856beca7a603551333a98b061fad3.dll,#1
      2⤵
        PID:3976
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:3668
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3356

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
        Filesize

        16KB

        MD5

        29c9284526738ef269a8a33d525d1809

        SHA1

        a498568426bd1398a9030ec4e90abf6c9a7781bd

        SHA256

        05bb8572d485eb3b244bd5102c31b8f589769c2c5441fc1f21fd67e81a774219

        SHA512

        3a9ffe2b2c047446096d3e6e24fcf3c483e7973c0c9e17c27fdcd27b79525ab1490cb272dc33259aef01cc429247bb1b524932fc0720578bbe4a97fbcffaf9bf

        Download Submit

      • memory/3356-40-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-33-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-42-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-34-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-35-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-36-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-37-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-39-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-43-0x0000021AC6B30000-0x0000021AC6B31000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-0-0x0000021ABE840000-0x0000021ABE850000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3356-68-0x0000021AC6D80000-0x0000021AC6D81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-32-0x0000021AC6EE0000-0x0000021AC6EE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-38-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-44-0x0000021AC6B20000-0x0000021AC6B21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-46-0x0000021AC6B30000-0x0000021AC6B31000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-49-0x0000021AC6B20000-0x0000021AC6B21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-52-0x0000021AC6A60000-0x0000021AC6A61000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-16-0x0000021ABE940000-0x0000021ABE950000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3356-64-0x0000021AC6C60000-0x0000021AC6C61000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-66-0x0000021AC6C70000-0x0000021AC6C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-67-0x0000021AC6C70000-0x0000021AC6C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3356-41-0x0000021AC6F10000-0x0000021AC6F11000-memory.dmp

        Filesize

        4KB

        Download