Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 23:01

General

  • Target

    coreshell.dll

  • Size

    396KB

  • MD5

    c1cd8f640dc560e9bdc873282298623e

  • SHA1

    f1e318c4250ac14ab49efdeea7856f949d68aa1e

  • SHA256

    c8f5ca7f0c01ce9d967a6895d13402e2299fc62e8b94dee27b20e66f13cb1f4c

  • SHA512

    c991a75199821430cf0a83cba87323dc8e8151d5147cad5bda7ac12259dcbf75320721fc84ed7bb9ccf5128dbdefa235ed1d768311436216aae55595cf121fb1

  • SSDEEP

    1536:/CwxSsJ5ucqow+cdl4ScsWjcdIjVuyjCgAV:/CwxSkvGl1IjVuyOgAV

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\coreshell.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:3580
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\coreshell.dll,#1
      • Suspicious behavior: EnumeratesProcesses
      PID:2000

Network

MITRE ATT&CK Matrix
