843bafe3692f95dac538a4635de5a66a0d9cd1a2c23f2a806323a5a592b4a421 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 19:58

Sharing

Report Analysis Logs

General

Target

aa0846a64467c996fee68c3fd609e2c7.dll
Size

218KB
MD5

aa0846a64467c996fee68c3fd609e2c7
SHA1

dad4675a1058308878bbcdb3a30144ba58eb47e8
SHA256

843bafe3692f95dac538a4635de5a66a0d9cd1a2c23f2a806323a5a592b4a421
SHA512

6f4338782aff6d3a0078fad853f91036c5723819dfb14194b931ed8ea45edeb66bf945c0635808f0977664f40bc52b6dd2eb773ebb2e5adc47a34d5213205cf6
SSDEEP

6144:FRIAnet8SEHkqydsucCYc+v614qSM4jwK+hl14VQ1:FRyHEDasSgM4cKIlp1

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\pwisys.ini	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3688	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 3688	1684	rundll32.exe	62
PID 1684 wrote to memory of 3688	1684	rundll32.exe	62
PID 1684 wrote to memory of 3688	1684	rundll32.exe	62

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa0846a64467c996fee68c3fd609e2c7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa0846a64467c996fee68c3fd609e2c7.dll,#1
  2⤵
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:3688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\pwisys.ini

Filesize
15B

MD5
f76b79ad78d2c7c08e33c53798efd7ab

SHA1
40e3ed279bb7e37b7e37c62ad9b7183f81234ca2

SHA256
3c9fee212611cf3dde2fcc18e09e3811a37c6bc2eb4b542d1006f96601dfa04c

SHA512
7aebfa69e2b70d647f64ed912ca6d5ae881d4df6679cac303c67a69abce98f4ef5d185b0c07efbe5fb67ee9453311f58a3ac50272889f59ba73e3c45ba667647

Download Submit
memory/3688-0-0x0000000000AF0000-0x0000000000B2C000-memory.dmp

Filesize
240KB

Download