Overview

overview

3

Static

static

3

99dc1491e2...06.dll

windows7-x64

1

99dc1491e2...06.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2024 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    99dc1491e2c78fcd61a602c62f12bc0701a943cdd8fb535df80f2c633a835006.dll

  • Size

    397KB

  • MD5

    26ef138e19431dcdded31b6ba1dd11ab

  • SHA1

    33850bcfabb1746d416bad7c78b75e39b324bae4

  • SHA256

    99dc1491e2c78fcd61a602c62f12bc0701a943cdd8fb535df80f2c633a835006

  • SHA512

    050e35928cbc99647dd178d5df1c58be78d3e552f0bc6e76761d7678d099160d6c910d767b9837d1c7e94525570cd5f82b191fcf15f0876b1689bbb71a879abd

  • SSDEEP

    6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaJ:174g2LDeiPDImOkx2LIaJ

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\99dc1491e2c78fcd61a602c62f12bc0701a943cdd8fb535df80f2c633a835006.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3324
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\99dc1491e2c78fcd61a602c62f12bc0701a943cdd8fb535df80f2c633a835006.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads