Overview

overview

10

Static

static

10

bfd1ae116e...0b.dll

windows7-x64

1

bfd1ae116e...0b.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 19:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bfd1ae116e75099e0a78735fd3192e01e896052eaa8970c46bd508ab74b01f0b.dll

  • Size

    899KB

  • MD5

    6eb1b53aca7e4fc25ff88ac538de1203

  • SHA1

    78ce52abe4d06fcc76c48628bdb94bf955e6a87c

  • SHA256

    bfd1ae116e75099e0a78735fd3192e01e896052eaa8970c46bd508ab74b01f0b

  • SHA512

    be91fb280293a6a19246ea4fa61d7d8c0a354cd1d4372742655007c569c7bff07901f06502521fc7aab9247e251e6deba5395fef9f23bede3ae3bcf1db5d4e60

  • SSDEEP

    24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXg:7wqd87Vg

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bfd1ae116e75099e0a78735fd3192e01e896052eaa8970c46bd508ab74b01f0b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bfd1ae116e75099e0a78735fd3192e01e896052eaa8970c46bd508ab74b01f0b.dll,#1
      2⤵
      • Suspicious behavior: RenamesItself
      PID:2924
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:4216
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1188

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
            Filesize

            16KB

            MD5

            be98db19a8bef4b5304692f8c1f9bbb5

            SHA1

            864bf6a242292e859880dd1507ded86dfc73527c

            SHA256

            1c989698e06b309165877039fd73a9e5ade5f6a16f6d643950315a1228f900e6

            SHA512

            8787364b9bc964e27abb677d2bf5fe3e9bb2acba06a5877fdde1c3626e7667c78005cec8dbd492f8668b075421dc08bad00e9f35217dbb99aff682f475259b6c

            Download Submit

          • memory/1188-40-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-42-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-33-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-34-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-35-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-36-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-37-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-38-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-39-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-43-0x000002791AE80000-0x000002791AE81000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-32-0x000002791B230000-0x000002791B231000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-41-0x000002791B260000-0x000002791B261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-0-0x0000027912B40000-0x0000027912B50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1188-44-0x000002791AE70000-0x000002791AE71000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-46-0x000002791AE80000-0x000002791AE81000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-49-0x000002791AE70000-0x000002791AE71000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-52-0x000002791ADB0000-0x000002791ADB1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-16-0x0000027912C40000-0x0000027912C50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1188-64-0x000002791AFB0000-0x000002791AFB1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-66-0x000002791AFC0000-0x000002791AFC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-67-0x000002791AFC0000-0x000002791AFC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1188-68-0x000002791B0D0000-0x000002791B0D1000-memory.dmp

            Filesize

            4KB

            Download