e1c1a7f365c3ff5b410d6086388f8c92c9c87133b090821f888177b80ad13987

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1c1a7f365c3ff5b410d6086388f8c92c9c87133b090821f888177b80ad13987.dll
Size

14.2MB
MD5

f95f20d2cb2e866ea4f34ae334239cd3
SHA1

dcb90e70e9e7866a73444e3ca0875fa05a545e12
SHA256

e1c1a7f365c3ff5b410d6086388f8c92c9c87133b090821f888177b80ad13987
SHA512

44709139f87cb2d367c6d495ff4621c653acac067a340c533f5078003c466edd0c71a20f2b8f65779cf53cbbd22dec54f214af7d42f49baf6cb0d0f41dcc6f58
SSDEEP

393216:fwhUaZJ8GB3iIvBrNIULjKmjjIxvGDjk1brIm:fuj8GB3NJuKDj8rI

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2904	rundll32.exe
2904	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2904	rundll32.exe
2904	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1c1a7f365c3ff5b410d6086388f8c92c9c87133b090821f888177b80ad13987.dll,#1
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2904-0-0x000007FEF2E60000-0x000007FEF3717000-memory.dmp

Filesize
8.7MB

Download
memory/2904-26-0x00000000771F0000-0x00000000771F2000-memory.dmp

Filesize
8KB

Download
memory/2904-24-0x00000000771F0000-0x00000000771F2000-memory.dmp

Filesize
8KB

Download
memory/2904-22-0x00000000771F0000-0x00000000771F2000-memory.dmp

Filesize
8KB

Download
memory/2904-21-0x000007FEF2D60000-0x000007FEF4543000-memory.dmp

Filesize
23.9MB

Download
memory/2904-20-0x00000000771E0000-0x00000000771E2000-memory.dmp

Filesize
8KB

Download
memory/2904-18-0x00000000771E0000-0x00000000771E2000-memory.dmp

Filesize
8KB

Download
memory/2904-16-0x00000000771E0000-0x00000000771E2000-memory.dmp

Filesize
8KB

Download
memory/2904-15-0x00000000771D0000-0x00000000771D2000-memory.dmp

Filesize
8KB

Download
memory/2904-13-0x00000000771D0000-0x00000000771D2000-memory.dmp

Filesize
8KB

Download
memory/2904-11-0x00000000771D0000-0x00000000771D2000-memory.dmp

Filesize
8KB

Download
memory/2904-10-0x00000000771C0000-0x00000000771C2000-memory.dmp

Filesize
8KB

Download
memory/2904-8-0x00000000771C0000-0x00000000771C2000-memory.dmp

Filesize
8KB

Download
memory/2904-6-0x00000000771C0000-0x00000000771C2000-memory.dmp

Filesize
8KB

Download
memory/2904-5-0x00000000771B0000-0x00000000771B2000-memory.dmp

Filesize
8KB

Download
memory/2904-3-0x00000000771B0000-0x00000000771B2000-memory.dmp

Filesize
8KB

Download
memory/2904-1-0x00000000771B0000-0x00000000771B2000-memory.dmp

Filesize
8KB

Download
memory/2904-43-0x000007FEF2D60000-0x000007FEF4543000-memory.dmp

Filesize
23.9MB

Download
memory/2904-41-0x000007FEFCFE0000-0x000007FEFCFE2000-memory.dmp

Filesize
8KB

Download
memory/2904-39-0x000007FEFCFE0000-0x000007FEFCFE2000-memory.dmp

Filesize
8KB

Download
memory/2904-36-0x000007FEFCFD0000-0x000007FEFCFD2000-memory.dmp

Filesize
8KB

Download
memory/2904-34-0x000007FEFCFD0000-0x000007FEFCFD2000-memory.dmp

Filesize
8KB

Download
memory/2904-31-0x0000000077200000-0x0000000077202000-memory.dmp

Filesize
8KB

Download
memory/2904-29-0x0000000077200000-0x0000000077202000-memory.dmp

Filesize
8KB

Download
memory/2904-27-0x0000000077200000-0x0000000077202000-memory.dmp

Filesize
8KB

Download
memory/2904-46-0x000007FEF2D60000-0x000007FEF4543000-memory.dmp

Filesize
23.9MB

Download
memory/2904-47-0x000007FEF2D60000-0x000007FEF4543000-memory.dmp

Filesize
23.9MB

Download