Analysis

  • max time kernel
    141s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 02:54

General

  • Target

    aircrack-ng-1.1-win/bin/cyggcc_s-1.dll

  • Size

    45KB

  • MD5

    2ccb3f13319637471ac6f0408f879d8c

  • SHA1

    5f4834c86feec3735f96a5f7830b3a11033868ed

  • SHA256

    2571b489c346b4600c869bf5e1b00e73bb42a71aaeb717d9041af07d4fdbd99c

  • SHA512

    219f3b28b649660b2d5094c9833dfff04e9670d4a1e9d4ddab4121ce6ece335e6d5dcd72508a99eae6c1a092efb72c6b33fb971756ccf8c1a062df3f24cac782

  • SSDEEP

    768:OQfWwyYIHDvELQ+Sh8BoxuRjayxeZ2HogOx0EtQagXlNzLznlttpmd9ea:OCWwpwo0JCWyc4dOgX/LRzDa

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\aircrack-ng-1.1-win\bin\cyggcc_s-1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4748
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\aircrack-ng-1.1-win\bin\cyggcc_s-1.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1820
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\aircrack-ng-1.1-win\bin\cyggcc_s-1.dll,#1
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1112

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1112-1-0x0000000061000000-0x0000000061300000-memory.dmp

    Filesize

    3.0MB

  • memory/1112-4-0x0000000067F00000-0x0000000067F10000-memory.dmp

    Filesize

    64KB

  • memory/1820-0-0x0000000061000000-0x0000000061300000-memory.dmp

    Filesize

    3.0MB

  • memory/1820-2-0x0000000067F00000-0x0000000067F10000-memory.dmp

    Filesize

    64KB