Overview

overview

3

Static

static

3

9b0243f199...3a.dll

windows7-x64

1

9b0243f199...3a.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-11-2023 00:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b0243f1995416121b5e7321f40f891a30082f09cd6f9d94c75a7281c60a093a.dll

  • Size

    836KB

  • MD5

    ab9fd6fa3ba26bc79422939619b8294b

  • SHA1

    8a20b40ce462f335955cb66e2b3091dc6bcbfcdb

  • SHA256

    9b0243f1995416121b5e7321f40f891a30082f09cd6f9d94c75a7281c60a093a

  • SHA512

    4dc0065edf1768eec4ad598fe57d5bea9dd41fa334f8ec9644394487d930b78a5dab5bc53251faf429d301e679feeb5c56c1fa01538d797c0dbf9eaa6c0f9480

  • SSDEEP

    12288:8/VV8pfoM5hhZ9Uc87/onOFTkbEKSfAB1iL7OjMV72rnc80lkrqO9bYlIIAVXqWC:tfrKSjttx06DfOE1IkgJYPyTggNh

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b0243f1995416121b5e7321f40f891a30082f09cd6f9d94c75a7281c60a093a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4436
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b0243f1995416121b5e7321f40f891a30082f09cd6f9d94c75a7281c60a093a.dll,#1
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1556
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:3104
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3840

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      ac94825d5b33e35b7ba93f4b039a44ea

      SHA1

      7937a12e461bb69a03a1e69f5d51415b0c6b118f

      SHA256

      2d448eab99860b098e963ee8c9aefd8d8bbf71d182152eb61111b2458becbad0

      SHA512

      36d5d446379353a58eed5edce938e145133df2bbb3c47ecce077afb20e31c2904fe76bcb947feae04b06fddc4cf9128a7562b7ae09eeb72c070e5f17cb143b5d

      Download Submit

    • memory/1556-0-0x0000000010000000-0x00000000100F3000-memory.dmp

      Filesize

      972KB

      Download

    • memory/3840-42-0x000001A8DC680000-0x000001A8DC681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-34-0x000001A8DC670000-0x000001A8DC671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-43-0x000001A8DC680000-0x000001A8DC681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-35-0x000001A8DC670000-0x000001A8DC671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-36-0x000001A8DC670000-0x000001A8DC671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-37-0x000001A8DC670000-0x000001A8DC671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-38-0x000001A8DC670000-0x000001A8DC671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-39-0x000001A8DC670000-0x000001A8DC671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-44-0x000001A8DC2B0000-0x000001A8DC2B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-41-0x000001A8DC680000-0x000001A8DC681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-69-0x000001A8DC500000-0x000001A8DC501000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-33-0x000001A8DC660000-0x000001A8DC661000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-40-0x000001A8DC670000-0x000001A8DC671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-45-0x000001A8DC2A0000-0x000001A8DC2A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-47-0x000001A8DC2B0000-0x000001A8DC2B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-50-0x000001A8DC2A0000-0x000001A8DC2A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-53-0x000001A8DC1E0000-0x000001A8DC1E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-1-0x000001A8D3F70000-0x000001A8D3F80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3840-65-0x000001A8DC3E0000-0x000001A8DC3E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-67-0x000001A8DC3F0000-0x000001A8DC3F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-68-0x000001A8DC3F0000-0x000001A8DC3F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3840-17-0x000001A8D4070000-0x000001A8D4080000-memory.dmp

      Filesize

      64KB

      Download