Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/01/2024, 10:27

General

  • Target

    5fa9d20296121bb0d6dfbf9994683f43.dll

  • Size

    8KB

  • MD5

    5fa9d20296121bb0d6dfbf9994683f43

  • SHA1

    614cda8b624a35e636b6b28dc42206511725e81b

  • SHA256

    9785c012a9d8f1f7682276ba3d8175ed4a613f1cb279370cea773b45d68a95cb

  • SHA512

    26d6d5dee54d24a818d41f3053bcf5b64b943f4c6adb1f4f1cb08032523e2095db5b5c0f5499bbb86640dfe66a4b5b2c2169f5ef7ecf0f1c99769aa7c607fbf9

  • SSDEEP

    48:id+P3zSSxPIux486DhFhklWqJ1ATDhZoEuYxf:QvSx335JOLoE

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fa9d20296121bb0d6dfbf9994683f43.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fa9d20296121bb0d6dfbf9994683f43.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:4572
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:5064
        • C:\Windows\SysWOW64\whoami.exe
          whoami
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2268

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads