0e33ec43858a978cc014428a20c16a3926b7e4fd44a9467f40caa83bf5c2fe52 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:03

Sharing

Report Analysis Logs

General

Target

293f227ed8c5442efc9aab943cdea100.dll
Size

12KB
MD5

293f227ed8c5442efc9aab943cdea100
SHA1

c594f0e1e82e8b61c31dea208a351f6e50c52c2c
SHA256

0e33ec43858a978cc014428a20c16a3926b7e4fd44a9467f40caa83bf5c2fe52
SHA512

2ad8b9f82b4fa3041b58c8c0de05a934dfbc5e2f5ee54a1c6c27853d722945233e22c2580121564efd4070507d5a62c6719333677b0ef63ba0c7272ed6e5bb5e
SSDEEP

384:1J3AJxAxQ/KwCiA4DgvPvCPVEVgbGqo5AorspFXB:1tA4x6CivDyCPVwKR

Score

1^/10

Malware Config

Signatures

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
488	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2504	rundll32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2504	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2504	2560	rundll32.exe	28
PID 2560 wrote to memory of 2504	2560	rundll32.exe	28
PID 2560 wrote to memory of 2504	2560	rundll32.exe	28
PID 2560 wrote to memory of 2504	2560	rundll32.exe	28
PID 2560 wrote to memory of 2504	2560	rundll32.exe	28
PID 2560 wrote to memory of 2504	2560	rundll32.exe	28
PID 2560 wrote to memory of 2504	2560	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\293f227ed8c5442efc9aab943cdea100.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\293f227ed8c5442efc9aab943cdea100.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2504-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download