Analysis
-
max time kernel
0s -
max time network
7s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
31-12-2023 13:50
General
-
Target
38abbbe273a4ee9d7ccaa584be714cf9.dll
-
Size
110KB
-
MD5
38abbbe273a4ee9d7ccaa584be714cf9
-
SHA1
b38337cd716000346362de5ea83e0b5aa2a9c353
-
SHA256
fd742d138ea4752120f9177b34637e9601ea1b47ba5efb79e0be84909a2dc7a6
-
SHA512
670874050213911ffdc438a1e48c63ca23818d4392bf8d1084f62191bd7833e9532a730ab12bd7805b9554ab3ac516708abe367c7e36936865e32cfeddf7ab18
-
SSDEEP
3072:tqZSt67PYYk/ygAEPhyuK+FI4dlvCz3G6+WBWnMj:tqZ867PYYk/ydEPhyuK+FI0CrG6+5nMj
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\38abbbe273a4ee9d7ccaa584be714cf9.dll,#11⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DelEx.bat" "2⤵
-
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\38abbbe273a4ee9d7ccaa584be714cf9.dll,#11⤵
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
134B
MD51eecb9956dda4f93a5993ee4bd92cb69
SHA1d5e01cea39fab0cd15b4a081c93bc0a939ba6446
SHA256e204a0f3239fede4959d3f0f6fdf72d4986cfee7de8d3fcd21c31d06d36f7352
SHA512ddcb3151ed5409d8ae18cea5d131b55bba5ddfa8234043a2c32fbb5973f77ad46d0b12c79b615dc20b202de0f2043e1cfec90abfc25751119b464a0d2c16d672
-
Filesize
140KB
-
Filesize
140KB