Overview

overview

3

Static

static

3

MSVCR100.dll

windows7-x64

3

MSVCR100.dll

windows10-2004-x64

3

WebView2Loader.dll

windows7-x64

1

WebView2Loader.dll

windows10-2004-x64

3

exe.exe

windows7-x64

3

exe.exe

windows10-2004-x64

3

i7.exe

windows7-x64

1

i7.exe

windows10-2004-x64

1

jli.dll

windows7-x64

3

jli.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-11-2023 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jli.dll

  • Size

    10.6MB

  • MD5

    9e9d59ff778590e2c1ea48937c0848c4

  • SHA1

    1343b834584d1bde63b1cbf15711fcb074bea076

  • SHA256

    1ddb9fc1806160d31996f4db28ce9658288caca32607932609efdcd91f2f251c

  • SHA512

    9dd202b5dc04fd86d6a4d8dbe4f2659e147dcdc209075c94577a6fe54678abe7779e737c76dc6a889a1b3b1a11e98b3026efc73ed1a4a9db595aea54952c6a8e

  • SSDEEP

    98304:1ZcOfJsrCPATtVXnpDYMe5bScwalZLCwpokCFCxJD9LKB:1tBmHBjDW5A

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\jli.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\jli.dll,#1
      2⤵
        PID:1032
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 716
          3⤵
          • Program crash
          PID:848
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1032 -ip 1032
      1⤵
        PID:3116
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:4148
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1196

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1032-0-0x0000000002CD0000-0x000000000377C000-memory.dmp

          Filesize

          10.7MB

          Download

        • memory/1032-1-0x0000000002CD0000-0x000000000377C000-memory.dmp

          Filesize

          10.7MB

          Download

        • memory/1196-2-0x000001C1C4440000-0x000001C1C4450000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1196-18-0x000001C1C4540000-0x000001C1C4550000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1196-34-0x000001C1CC8A0000-0x000001C1CC8A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1196-36-0x000001C1CC8D0000-0x000001C1CC8D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1196-37-0x000001C1CC8D0000-0x000001C1CC8D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1196-38-0x000001C1CC9E0000-0x000001C1CC9E1000-memory.dmp

          Filesize

          4KB

          Download