Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/04/2024, 12:08

General

  • Target

    DLL Injector Resou_nls..scr

  • Size

    353KB

  • MD5

    55244240d926c5dcf0a0432a474447e3

  • SHA1

    1ba2bc860ac70f343155a8a9ceebc772e6d1509f

  • SHA256

    1ed90c2a319e37c10a4646c8ae087d691ab13cbf2d39066080a96c685ab9c6c1

  • SHA512

    a4fefa0f7245c46306204c013900831ebdbe6e568a8bdeaca80d13f04e4f4e616c1005a8a53bfcd42623ca35ed9b03890a58bbe38fad9b9ea0d7a354bc9c92c1

  • SSDEEP

    6144:a7jx7iw0qvLJXnlUGujCtjno6itQl+REw6FMG/UHQS8PUHIRA8yVYtFmCaxHUV:a7VkqjVnl36ud0zR/6CtQ9PUHIG8Dn

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\DLL Injector Resou_nls..scr
    "C:\Users\Admin\AppData\Local\Temp\DLL Injector Resou_nls..scr" /S
    • Suspicious use of AdjustPrivilegeToken
    PID:2332

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2332-0-0x0000000000930000-0x000000000098A000-memory.dmp

    Filesize

    360KB

  • memory/2332-1-0x00000000746E0000-0x0000000074DCE000-memory.dmp

    Filesize

    6.9MB

  • memory/2332-2-0x00000000009E0000-0x0000000000A20000-memory.dmp

    Filesize

    256KB

  • memory/2332-3-0x0000000002010000-0x00000000020C2000-memory.dmp

    Filesize

    712KB

  • memory/2332-4-0x00000000746E0000-0x0000000074DCE000-memory.dmp

    Filesize

    6.9MB