Overview

overview

3

Static

static

3

9c0cdaa5cd...5f.dll

windows7-x64

1

9c0cdaa5cd...5f.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 13:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c0cdaa5cdc0ee01720c5c9589111265928790a9194dc778192c3943f2645d5f.dll

  • Size

    397KB

  • MD5

    2e8f538f3df65f6bfc83ac54e2a5834b

  • SHA1

    6d71a9e59f736b4ae8f19e4839a8bb05b289a638

  • SHA256

    9c0cdaa5cdc0ee01720c5c9589111265928790a9194dc778192c3943f2645d5f

  • SHA512

    e0e0da0cc7a233ecd08f2a1aadec012b7d2750b6802944829c83840895ffd1f41af12a89c4e04aed16355d786ae09c9dd03885f621a40a00c917a948292a2ec3

  • SSDEEP

    6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaz:174g2LDeiPDImOkx2LIaz

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c0cdaa5cdc0ee01720c5c9589111265928790a9194dc778192c3943f2645d5f.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1640
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c0cdaa5cdc0ee01720c5c9589111265928790a9194dc778192c3943f2645d5f.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads