Overview

overview

3

Static

static

3

c0ada6395e...51.dll

windows7-x64

1

c0ada6395e...51.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/10/2023, 20:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c0ada6395e72427ea611184787b47a32722baa8a732d02d2f02633a5c0ee8651.dll

  • Size

    1.2MB

  • MD5

    f5df2a4ec3becd41cc2beb7c31bfc5ea

  • SHA1

    957bd7c1cb8d0c753faef7c2afdc3a63948ea004

  • SHA256

    c0ada6395e72427ea611184787b47a32722baa8a732d02d2f02633a5c0ee8651

  • SHA512

    9b8c8b2403a1f68aa56cd1578f4ec7b2c62624e175b129bd248f616b654c2034df0402af77fe984fef25fe914d49b10fbddc880c662020d407901c8bcbe0688f

  • SSDEEP

    24576:jrZcCgifLC5yVOlFG1/V4WDfa+xtvzRCpZ9Vw7niWOGw:eS52+NG5

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0ada6395e72427ea611184787b47a32722baa8a732d02d2f02633a5c0ee8651.dll,#1
    1⤵
      PID:5040
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:4956
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3008

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/3008-0-0x000001DB0BA50000-0x000001DB0BA60000-memory.dmp

              Filesize

              64KB

              Download

            • memory/3008-16-0x000001DB0BB50000-0x000001DB0BB60000-memory.dmp

              Filesize

              64KB

              Download

            • memory/3008-32-0x000001DB13EC0000-0x000001DB13EC1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3008-34-0x000001DB13EF0000-0x000001DB13EF1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3008-35-0x000001DB13EF0000-0x000001DB13EF1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3008-36-0x000001DB14000000-0x000001DB14001000-memory.dmp

              Filesize

              4KB

              Download