Overview

overview

7

Static

static

7

1a7705af7d...34.dll

windows7-x64

3

1a7705af7d...34.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 11:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1a7705af7daaf0b9f96bf64d9c94b134.dll

  • Size

    448KB

  • MD5

    1a7705af7daaf0b9f96bf64d9c94b134

  • SHA1

    54480404f46b5079bc7aa1e4821e6502b3c63442

  • SHA256

    9f8eb4ee47a72b35aebd9ce72d0b125485c1b015bc68b63a44035b138337c244

  • SHA512

    af777c898ccadcc8b8902655799eebe75a59dca4ae2d9d5ced207a1d490effc22a63c672fd10775dc80e3764c5c5a3aa11d0ebcdb15baf7ec4b02ee0f4aef890

  • SSDEEP

    12288:qDz0kmLQqbkmV4Pc1sVaWelfOiX3ylTgGT:aeFbkmVnsVaZWiX3O

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 19 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a7705af7daaf0b9f96bf64d9c94b134.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3464
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a7705af7daaf0b9f96bf64d9c94b134.dll,#1
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4880
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 636
        3⤵
        • Program crash
        PID:1708
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4880 -ip 4880
    1⤵
      PID:892

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4880-0-0x0000000002D80000-0x0000000002D81000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4880-1-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download