Analysis
Max time kernel: 142s
Max time network: 150s
Platform: windows10-2004_x64
Resource: win10v2004-20231127-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 12-12-2023 17:56
Static task: static1
Behavioral task: behavioral1
  Sample: 19be843e1e7a222fde2fae8e0ae5845bdd145d2e0c8f2b2761934177d5166140.dll
  Resource: win7-20231201-en
Behavioral task: behavioral2
  Sample: 19be843e1e7a222fde2fae8e0ae5845bdd145d2e0c8f2b2761934177d5166140.dll
  Resource: win10v2004-20231127-en
General
Target: 19be843e1e7a222fde2fae8e0ae5845bdd145d2e0c8f2b2761934177d5166140.dll
Size: 1.7MB
MD5: b7d203f9ccf9a98e27ab925098fb8a71
SHA1: 37b79bc448665c318320096df4806d2ac47c9f41
SHA256: 19be843e1e7a222fde2fae8e0ae5845bdd145d2e0c8f2b2761934177d5166140
SHA512: 1dd0d0639d7069e9c8c9d14de70e0e2f447e44fe970e2bb27c49dbe33c9e1c07901eae87212732c6ae5163c8bb6cc4fe4e77962fb32d4edbed6e8390d3a2a5f8
SSDEEP: 49152:Fy/cyumABfpGHemqrVf3ALr1x/wsL0h8OsWfS:M/cHmRHjqZcr1JBxbH
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (16 IoCs)
  pid 3552, rundll32.exe (same pid/process reported 16 times)
Suspicious behavior: LoadsDriver (1 IoC)
  pid 660, Process not Found
Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeManageVolumePrivilege, pid 3908, svchost.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 5104 wrote to memory of 3552; pid 5104, rundll32.exe, procid_target 88 (same entry reported 3 times)
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\19be843e1e7a222fde2fae8e0ae5845bdd145d2e0c8f2b2761934177d5166140.dll,#1
  PID: 5104
  Suspicious use of WriteProcessMemory
  Child: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\19be843e1e7a222fde2fae8e0ae5845bdd145d2e0c8f2b2761934177d5166140.dll,#1
    PID: 3552
    Suspicious behavior: EnumeratesProcesses
C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 4668
C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  PID: 3908
  Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 16KB
MD5: 3c362cbad4ae2a0275d39fe045fe7c7a
SHA1: 7439e5eddd6f0714743dbf4fe8211cac54dc2dbb
SHA256: ab2d29f91f0987b0cfc3478614eeb5da7d2ed7db52effecff14ccfd369ea3167
SHA512: 199c28a0232b47821a372bd457f0914e1be4ea7857325375dae925c5e21d2d44ed51cbe6deb76dff98eadae1d0669e61e8413ad2db730911f31f531245522d7d