0f6b16c9744b031188b88a250e3c096179b393cf60a7adcbc5287fc49fdd89e8 | Triage

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:44

Sharing

Report Analysis Logs

General

Target

05fca14bec25bb5bc20eacd3a4fb35e3.dll
Size

213KB
MD5

05fca14bec25bb5bc20eacd3a4fb35e3
SHA1

0c1b52f7d5721b06ae58349ebdc5bdfca1113a56
SHA256

0f6b16c9744b031188b88a250e3c096179b393cf60a7adcbc5287fc49fdd89e8
SHA512

d9a869d5a4ffb29e1fdd89fb46dc8b3f70702a18c0ce6db6550ece3da8bf922f351efc3f2c4beee8efbac484be9e8a1f08c7ebb5e6502864aebbcc282676e7b3
SSDEEP

384:BS3EaAGVBRDioyMN7ssVdL8+z5154a+Z0XTthy:BmEaAGVBR/yw7ss3g+L5P5c

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4412-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4412	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 4412	1104	rundll32.exe	88
PID 1104 wrote to memory of 4412	1104	rundll32.exe	88
PID 1104 wrote to memory of 4412	1104	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05fca14bec25bb5bc20eacd3a4fb35e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05fca14bec25bb5bc20eacd3a4fb35e3.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4412-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download