Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-01-2024 12:45

General

  • Target

    79310a44b2dc09c22a60d645c7bfaa3505a400a2d6dedecb6cbc7d1c7757092f.dll

  • Size

    397KB

  • MD5

    26069fd3189e536debdd6f4143da28f1

  • SHA1

    0413364cdc05ecae96e83c57e770518b4725e8e9

  • SHA256

    79310a44b2dc09c22a60d645c7bfaa3505a400a2d6dedecb6cbc7d1c7757092f

  • SHA512

    197f8f0778ccc5c56754d5d38ac8f1759cbf2d175f390319162b204e9fcd12cf8a506cfdc3792f3359dd40f80f3be1c6c5502f06ca37254e93d66a5cec114b17

  • SSDEEP

    6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa7:174g2LDeiPDImOkx2LIa7

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\79310a44b2dc09c22a60d645c7bfaa3505a400a2d6dedecb6cbc7d1c7757092f.dll,#1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4424
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\79310a44b2dc09c22a60d645c7bfaa3505a400a2d6dedecb6cbc7d1c7757092f.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:4560

Network

MITRE ATT&CK Matrix
