Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 02:42

General

  • Target

    $PLUGINSDIR/UAC.dll

  • Size

    13KB

  • MD5

    a88baad3461d2e9928a15753b1d93fd7

  • SHA1

    bb826e35264968bbc3b981d8430ac55df1e6d4a6

  • SHA256

    c5ab2926c268257122d0342739e73573d7eeda34c861bc7a68a02cbc69bd41af

  • SHA512

    5edcf46680716930da7fd1a41b8b0426f057cf4becefb3ee84798ec8b449726afb822fb626c4942036a1ae3bb937184d1f71d0e45075abb5bf167f5d833df43a

  • SSDEEP

    192:qP6KdXy+Yo7e1J8qC25a5mDFmCLGUCVGpU6uNck87I0S/TDqwyTq+:q/q3Pgd5mx6VkEck87ILCTN

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1516
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 224
        3⤵
        • Program crash
        PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads