Overview

overview

8

Static

static

3

37adb950b9...fa.dll

windows7-x64

8

37adb950b9...fa.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    114s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-04-2024 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37adb950b9798cdc5e13a47f48d3a9045f90e7cbd579a36b204d8347e2213efa.dll

  • Size

    21KB

  • MD5

    86ff27d7324694e21160b4ff2fd5f131

  • SHA1

    783a947b3b56210dfc1604043004a933071d8b99

  • SHA256

    37adb950b9798cdc5e13a47f48d3a9045f90e7cbd579a36b204d8347e2213efa

  • SHA512

    e419ca5d149c36e9639f008ea874ddbefbf9444da5b2693cb9dfdd8c118fb836df29e53c5af27c3358d36d143da8f9f40456e94b8e88cc03d5aa7a1403874d4d

  • SSDEEP

    384:zXOi3mlzA//ykT68v5U/P6dexwL9Y89SFSUpxzUKxwDMJtE+IaXWJp2:zXdWlA//lvBdJMFSUpxzUKx4oE+IAWb2

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\37adb950b9798cdc5e13a47f48d3a9045f90e7cbd579a36b204d8347e2213efa.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\37adb950b9798cdc5e13a47f48d3a9045f90e7cbd579a36b204d8347e2213efa.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1956
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2700 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\~alot.dat
      Filesize

      3KB

      MD5

      d0ab070aa4ecba59da2b6956862738d6

      SHA1

      7222a9aa2a1a4dca08600b86078beeb4be93dd00

      SHA256

      4215be5dd24c5ff176b112b7f5f28ff39789e1c8ef16485c40d164d1d9080e24

      SHA512

      aff7f61f72a3729490dd28b0937c8b067d3bb9a3e8ca5aeec05cd01d00712a3a4e83645a2ba539ed3eb6ca9d64770b896e3ca668610ff4f4081cf919bdf6510c

      Download Submit