Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24-05-2024 00:18
General
-
Target
8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8.dll
-
Size
95KB
-
MD5
38098115b28513e9953ac978b324aeea
-
SHA1
73271e4c7e37fbb2493ed03f6269ca9dddda8070
-
SHA256
8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8
-
SHA512
20d56dc6bad1a8899efbc7293c4cc825fae1d40ce0734a8af3971418729b17c0e0cdb4af7fee10ea5efcf648a5268b5d3d3212c61ed18a31c11d5e0d8563b4a8
-
SSDEEP
1536:NkGwueOJxhi6loej9cX8VAU0EgB2AW6dY5pZn4nDx2W6:umivAq7186a4nDxI
Score
7/10
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8.dll,#12⤵
- Drops startup file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 7043⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2628 -ip 26281⤵