Overview

overview

10

Static

static

10

AnyDesk v3...V).exe

windows10-2004-x64

1

DLL Explor...32.exe

windows10-2004-x64

7

DLL Explor...64.exe

windows10-2004-x64

7

DLL UnInje...or.exe

windows10-2004-x64

1

Everything...ng.exe

windows10-2004-x64

7

Everything...up.exe

windows10-2004-x64

4

LastActivi...ew.exe

windows10-2004-x64

9

LastActivi...ew.bat

windows10-2004-x64

9

Lastproverka.bat

windows10-2004-x64

3

NirCMD 2.8...md.exe

windows10-2004-x64

9

NirCMD 2.8...xe.bat

windows10-2004-x64

9

NirCMD 2.8...xe.bat

windows10-2004-x64

9

OpenedFile...32.exe

windows10-2004-x64

9

OpenedFile...64.exe

windows10-2004-x64

8

Process Hacker 2.lnk

windows10-2004-x64

3

Recuva 1.5...le.exe

windows10-2004-x64

7

Shellbag_a...er.exe

windows10-2004-x64

10

USBDeview ...ew.exe

windows10-2004-x64

9

UserAssist...ew.exe

windows10-2004-x64

9

processhac...up.exe

windows10-2004-x64

7

Resubmissions

19-10-2023 11:09

231019-m9hf6agh68 10

Analysis

  • max time kernel
    600s
  • max time network
    443s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-ja
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-jalocale:ja-jpos:windows10-2004-x64systemwindows
  • submitted
    19-10-2023 11:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DLL UnInjector 1.3/NVTDLLUnInjector.exe

  • Size

    2.6MB

  • MD5

    ad332eb68417955b5e5dd8c3f7a0f745

  • SHA1

    e375dd0dcca0e9a24bda24cc7bf5e4540189e9e9

  • SHA256

    eb66948d58994945e53babeec0114627049fae34d6e84f743f0b2b3b44675dff

  • SHA512

    101d2ab837c1ff31254cacb1d251bd7c40c84fcb096801cb7bef195f8aa13936ada748c116f359612f6641b028b9e5aa03009363ebf19a0925dbea7ad69b1963

  • SSDEEP

    49152:wHoBq1dy7ttwsOrySS0fGDSEQA/o/TVoXsOjc:6oUGsOjc

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DLL UnInjector 1.3\NVTDLLUnInjector.exe
    "C:\Users\Admin\AppData\Local\Temp\DLL UnInjector 1.3\NVTDLLUnInjector.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:3740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3740-0-0x00000000024D0000-0x00000000024D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3740-1-0x0000000000400000-0x00000000006AC000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3740-2-0x00000000024D0000-0x00000000024D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3740-4-0x0000000000400000-0x00000000006AC000-memory.dmp

    Filesize

    2.7MB

    Download