e5b826256ab923b4395c8dcfe66e06bff8f395c93733127deb019f4faacca567

Analysis

max time kernel
164s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cd7f40a1519f7228157f4b71b24acd9.dll
Size

432KB
MD5

0cd7f40a1519f7228157f4b71b24acd9
SHA1

559d65d98627df83a379e51e3b1a61ff8a5311cd
SHA256

e5b826256ab923b4395c8dcfe66e06bff8f395c93733127deb019f4faacca567
SHA512

e4e6c9b0f3f192eb14bb47a3638e7b9b7bcdcf65b4fdff20d21ecc30ff8e98a802975953c7a01461c4f7ee03b115880ce98edf3fd70d4957e8bec03e4a00f65c
SSDEEP

6144:SW4oPJqMOqjU0XF2idZecnl20lHRxp3gOe0M6E81xS0WcHpsFbBqt:ioRPOqjU6F3Z4mxx80MHoTAFbi

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
50	384	rundll32.exe
61	384	rundll32.exe
75	384	rundll32.exe
83	384	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	384	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 384	3028	rundll32.exe	89
PID 3028 wrote to memory of 384	3028	rundll32.exe	89
PID 3028 wrote to memory of 384	3028	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cd7f40a1519f7228157f4b71b24acd9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cd7f40a1519f7228157f4b71b24acd9.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of AdjustPrivilegeToken
  PID:384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/384-0-0x0000000000400000-0x00000000004A9000-memory.dmp

Filesize
676KB

Download
memory/384-1-0x0000000002A40000-0x0000000002A94000-memory.dmp

Filesize
336KB

Download
memory/384-2-0x0000000000400000-0x00000000004A9000-memory.dmp

Filesize
676KB

Download
memory/384-4-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/384-3-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/384-6-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/384-5-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/384-7-0x0000000002C60000-0x0000000002C61000-memory.dmp

Filesize
4KB

Download
memory/384-8-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/384-9-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/384-10-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/384-11-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/384-12-0x0000000003C50000-0x0000000003C51000-memory.dmp

Filesize
4KB

Download
memory/384-13-0x0000000003C50000-0x0000000003C51000-memory.dmp

Filesize
4KB

Download
memory/384-14-0x0000000003C50000-0x0000000003C51000-memory.dmp

Filesize
4KB

Download
memory/384-15-0x0000000003C50000-0x0000000003C51000-memory.dmp

Filesize
4KB

Download
memory/384-16-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-17-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-18-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-19-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-20-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-21-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-22-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-23-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-24-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-25-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-26-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-27-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-28-0x0000000003C40000-0x0000000003C42000-memory.dmp

Filesize
8KB

Download
memory/384-29-0x0000000003C90000-0x0000000003DD0000-memory.dmp

Filesize
1.2MB

Download
memory/384-30-0x0000000003C90000-0x0000000003DD0000-memory.dmp

Filesize
1.2MB

Download
memory/384-31-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/384-32-0x0000000003C50000-0x0000000003C51000-memory.dmp

Filesize
4KB

Download
memory/384-33-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/384-34-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/384-35-0x0000000003C80000-0x0000000003C81000-memory.dmp

Filesize
4KB

Download
memory/384-36-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/384-37-0x0000000003C60000-0x0000000003C61000-memory.dmp

Filesize
4KB

Download
memory/384-38-0x0000000000400000-0x00000000004A9000-memory.dmp

Filesize
676KB

Download
memory/384-40-0x0000000002A40000-0x0000000002A94000-memory.dmp

Filesize
336KB

Download
memory/384-41-0x0000000003C40000-0x0000000003C41000-memory.dmp

Filesize
4KB

Download
memory/384-42-0x0000000003C90000-0x0000000003DD0000-memory.dmp

Filesize
1.2MB

Download
memory/384-43-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads