Overview

overview

10

Static

static

10

AnyDesk v3...V).exe

windows10-2004-x64

1

DLL Explor...32.exe

windows10-2004-x64

7

DLL Explor...64.exe

windows10-2004-x64

7

DLL UnInje...or.exe

windows10-2004-x64

1

Everything...ng.exe

windows10-2004-x64

7

Everything...up.exe

windows10-2004-x64

4

LastActivi...ew.exe

windows10-2004-x64

9

LastActivi...ew.bat

windows10-2004-x64

9

Lastproverka.bat

windows10-2004-x64

3

NirCMD 2.8...md.exe

windows10-2004-x64

9

NirCMD 2.8...xe.bat

windows10-2004-x64

9

NirCMD 2.8...xe.bat

windows10-2004-x64

9

OpenedFile...32.exe

windows10-2004-x64

9

OpenedFile...64.exe

windows10-2004-x64

8

Process Hacker 2.lnk

windows10-2004-x64

3

Recuva 1.5...le.exe

windows10-2004-x64

7

Shellbag_a...er.exe

windows10-2004-x64

10

USBDeview ...ew.exe

windows10-2004-x64

9

UserAssist...ew.exe

windows10-2004-x64

9

processhac...up.exe

windows10-2004-x64

7

Resubmissions

19-10-2023 11:09

231019-m9hf6agh68 10

Analysis

  • max time kernel
    591s
  • max time network
    430s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-ja
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-jalocale:ja-jpos:windows10-2004-x64systemwindows
  • submitted
    19-10-2023 11:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DLL Explorer 1.2/DLLExplorer64.exe

  • Size

    740KB

  • MD5

    02ca78b8f497477864191f586504ca9f

  • SHA1

    c26d56061585f8625a4d27d1ec150b4fc6fcc2b5

  • SHA256

    ebd5e153a4657c1bfa3c658a0cbff329c20fe0b1eba91cc09a455ecaadd7716f

  • SHA512

    719cfbaa31a28e36069264e4906e812c4fa77cfe5f4e7026521b40de5759bc74f73a092093910f9870174ae4e3a35de6f398ff22c77d5b04d7f8fc2832a53374

  • SSDEEP

    12288:XGnZajfA/8Gc7TpG7ZX4hY6TfSJHKOE5dR0XygJGFzq4a:XGQo/NcxGNX4xIE5dR6GF3a

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DLL Explorer 1.2\DLLExplorer64.exe
    "C:\Users\Admin\AppData\Local\Temp\DLL Explorer 1.2\DLLExplorer64.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2136-0-0x0000000000400000-0x00000000006C7000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2136-1-0x0000000000810000-0x0000000000811000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2136-2-0x0000000000400000-0x00000000006C7000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2136-4-0x0000000000810000-0x0000000000811000-memory.dmp

    Filesize

    4KB

    Download