Analysis

  • max time kernel
    865s
  • max time network
    1820s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23/12/2023, 08:11

General

  • Target

    Новая папка/2.60/date/android/LocateDevice.dll

  • Size

    7KB

  • MD5

    b1a31112088da082c104075ee903e851

  • SHA1

    fb3dae95811a207848fceafaec41ca98887c4ab1

  • SHA256

    84eac41f510dacff110b600fa10f7b6070aea71e5014904ace653a900ff890ad

  • SHA512

    218c033c8abb419fe637c065c44f14e1e13ce70d26f908af8b03ee629dab1efe1ab87618554f45b6fce622165326d02219000adc74778047d0188dd20d9a8fbd

  • SSDEEP

    192:uCXq4T335/wJirNmL/8Qpkqs1ILpwa+ebCfvLPaL7:umqS3mirILu1OwMbCnLSL7

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken (1 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\LocateDevice.dll",#1
    • Suspicious use of WriteProcessMemory
    PID:96
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\LocateDevice.dll",#1
      • Suspicious use of AdjustPrivilegeToken
      PID:4568

Network
