Analysis

  • max time kernel
    1789s
  • max time network
    1766s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-04-2024 12:04

General

  • Target

    Installer [GitHub]/libs/xmllite.dll

  • Size

    210KB

  • MD5

    edd4ab0b9754ddaeba5b1eba5bfb7d49

  • SHA1

    d9b3af28c0dd54260ec2995e1610568dbb23c48e

  • SHA256

    1c504b90689a1d12ab8b571edc6189b085502d1794fcdc890897df4729399a5f

  • SHA512

    433a21bfa962fbdab0fc6c04786307e83715a6c41c5e502b80e2ea0d795fcfe2555295914be51714d952454a9eaaf890804dbe4de40cec49cea82afc198b6b15

  • SSDEEP

    3072:zwd5q7UxjvwCG4W27p5GLg21H3wIkmQ7hnZJgYRxFOyrlXkWcdhZdWrilTP3wf:zwPqYxMCG4rp4k21gnDhnZJgYflqZZ

Score
1/10

Malware Config

  (none extracted)

Signatures

  • Suspicious use of AdjustPrivilegeToken (1 IoC; raised on svchost.exe, PID 4864, see Processes)

Processes

  • C:\Windows\system32\rundll32.exe (PID 2068, top level)
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Installer [GitHub]\libs\xmllite.dll",#1
    The submitted DLL, loaded by rundll32 and entered at export ordinal #1.

  • C:\Windows\system32\rundll32.exe (PID 2652, top level)
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

  • C:\Windows\System32\svchost.exe (PID 4864, top level)
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    Signatures: Suspicious use of AdjustPrivilegeToken

  All three entries sit at depth 1 (1⤵): the report shows no parent-child link between them, and the only signature is attached to svchost.exe rather than to the rundll32 instance that loaded the submitted DLL.
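The three command lines above are few enough to sort by hand, but the same check is worth encoding so it runs over every report. The block below is an added example, not the sandbox's own signature logic and not code from the submitted project: it parses rundll32 command lines and flags a DLL loaded from a user-writable path, a file name that shadows a System32 DLL, and an entry point called by ordinal. The path prefixes and the two-name system DLL inventory are assumptions constructed for the example; the three process lines are copied from this report.

```python
"""Triage of the command lines in the Processes section above.

Added example, not part of the sandbox report or the sandbox vendor's
signatures. The three command lines are copied from the report; the
heuristics (user-writable path prefixes, the short list of system DLL
names, the ordinal-export check) are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Copied from the "Processes" section of the report: (PID, command line).
PROCESSES = [
    (2068, r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Installer [GitHub]\libs\xmllite.dll",#1'),
    (2652, r'"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe'),
    (4864, r'C:\Windows\System32\svchost.exe -k UnistackSvcGroup'),
]

# Assumption: locations an unprivileged user can write to.  A DLL that
# rundll32 loads from one of these is far more interesting than one from
# System32, which is where rundll32's legitimate targets normally live.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Assumption: a deliberately tiny inventory of Windows DLL names.  A real
# check would load the full list from a clean reference image.  Both names
# appear in the report; xmllite.dll also ships in System32, so a copy with
# that name under a user profile is worth a look (sideloading pattern).
SYSTEM_DLL_NAMES = {"xmllite.dll", "edgehtml.dll"}

# rundll32 syntax: [path\]rundll32.exe <dll>,<entry> [args]; the DLL path
# may be quoted, and <entry> is an export name or #<ordinal>.
_RUNDLL32 = re.compile(
    r'^(?:"(?P<exe_q>[^"]*rundll32\.exe)"|(?P<exe>\S*rundll32\.exe))\s+'
    r'(?:"(?P<dll_q>[^"]+)"|(?P<dll>[^,\s]+))'
    r',(?P<entry>#\d+|[A-Za-z_][\w@]*)'
    r'(?:\s+(?P<rest>.*))?$',
    re.IGNORECASE,
)


@dataclass
class Finding:
    pid: int
    dll: str
    entry: str
    reasons: list[str] = field(default_factory=list)


def analyse_rundll32(pid: int, cmdline: str) -> Finding | None:
    """Return a Finding for a rundll32 invocation, or None for any other process."""
    m = _RUNDLL32.match(cmdline.strip())
    if m is None:
        return None
    dll = m.group("dll_q") or m.group("dll")
    entry = m.group("entry")
    finding = Finding(pid=pid, dll=dll, entry=entry)

    path = dll.lower()
    name = path.rsplit("\\", 1)[-1]
    if path.startswith(USER_WRITABLE_PREFIXES):
        finding.reasons.append("dll loaded from user-writable path")
    if entry.startswith("#"):
        finding.reasons.append("export called by ordinal rather than by name")
    if name in SYSTEM_DLL_NAMES and not path.startswith(SYSTEM_DIRS):
        finding.reasons.append("system dll name loaded from outside System32")
    return finding


def triage(processes: list[tuple[int, str]]) -> dict[int, Finding]:
    """Run the check over a process list; only rundll32 instances produce findings."""
    results: dict[int, Finding] = {}
    for pid, cmdline in processes:
        finding = analyse_rundll32(pid, cmdline)
        if finding is not None:
            results[pid] = finding
    return results


if __name__ == "__main__":
    for pid, f in triage(PROCESSES).items():
        print(f"PID {pid}: {f.dll} entry {f.entry}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run as a script it prints one block per rundll32 instance. The ordinal check fires on both rundll32 lines, so on its own it separates nothing; the two path checks are what single out PID 2068. The svchost.exe line yields no finding at all: the AdjustPrivilegeToken signature the report attaches to it is an API-level observation that a command-line check cannot see.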

Network

  (nothing recorded)

MITRE ATT&CK Matrix

  (no techniques listed)

Downloads (memory dumps; all six are taken from svchost.exe, PID 4864, none from the rundll32 instance, PID 2068, that loaded the submitted DLL)

  • memory/4864-0-0x000001ED20A40000-0x000001ED20A50000-memory.dmp    Filesize: 64KB
  • memory/4864-16-0x000001ED20B40000-0x000001ED20B50000-memory.dmp   Filesize: 64KB
  • memory/4864-32-0x000001ED28E40000-0x000001ED28E41000-memory.dmp   Filesize: 4KB
  • memory/4864-34-0x000001ED28E70000-0x000001ED28E71000-memory.dmp   Filesize: 4KB
  • memory/4864-35-0x000001ED28E70000-0x000001ED28E71000-memory.dmp   Filesize: 4KB
  • memory/4864-36-0x000001ED28F80000-0x000001ED28F81000-memory.dmp   Filesize: 4KB