Overview

overview

7

Static

static

3

llcom.exe

windows7-x64

7

llcom.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 09:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    llcom.exe

  • Size

    4.1MB

  • MD5

    791040a50a025af2e9e51c127d411175

  • SHA1

    3375f8aa72b5e18eb6476003e802e6e7dc8a09ed

  • SHA256

    2034ef40d95b0650d0e9822dede4b1af9abc0010b8c96f30759945d3808b00f2

  • SHA512

    8ebbe6b3e240b70bdd3a15f571dc4faeeda9606657cd5fc98941a934f0ad4ab541dc907554bd39219297c9a2d431264e4af5bb24046ba7658f28ff2402f63ce8

  • SSDEEP

    98304:FXq/eMtInM2Z+Cw9uxz+5FGZpwh2LJ00ZwYV2kqXf0FGzECUc6exUh:YuMbuxzzHR+0KYV2kSIBCUc6I2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\llcom.exe
    "C:\Users\Admin\AppData\Local\Temp\llcom.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Costura\65C3835E9F845C68BA38CBCEC0BCB635\64\xlua.dll
    Filesize

    501KB

    MD5

    77b2470facddafcb618228aae50b2178

    SHA1

    e1dd166582bc5f4159f263d29dfa1cb94fe5518e

    SHA256

    57520a48c3a07fa05b53f71fcb2a4f157424d501e38a5bcbbc74e2af16030364

    SHA512

    a8a1e47047b408a46c28ff429eca75371631a6a7e8d4ad8278c65f5064f3050c827134a3a8f0d9d391ebe792e8786576603a24b9160b842578bb2f20ecafb3d9

    Download Submit

  • memory/3012-14-0x0000000000810000-0x000000000081A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3012-15-0x00000000028B0000-0x00000000028EA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/3012-8-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3012-9-0x0000000000760000-0x0000000000790000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3012-10-0x0000000002860000-0x00000000028AE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3012-11-0x00000000026A0000-0x00000000026D2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/3012-1-0x0000000000A50000-0x0000000000E70000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/3012-12-0x000000001B860000-0x000000001B8FE000-memory.dmp

    Filesize

    632KB

    Download

  • memory/3012-13-0x0000000000810000-0x000000000081A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3012-0-0x000007FEF5D33000-0x000007FEF5D34000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-16-0x000000001BEC0000-0x000000001BF72000-memory.dmp

    Filesize

    712KB

    Download

  • memory/3012-17-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3012-18-0x000007FEF5D33000-0x000007FEF5D34000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-19-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3012-20-0x0000000000810000-0x000000000081A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3012-21-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

    Filesize

    9.9MB

    Download