Analysis
-
max time kernel
110s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
16-07-2024 00:40
General
-
Target
3c08f651f47ac51bcb3220e4d188a8f0N.dll
-
Size
76KB
-
MD5
3c08f651f47ac51bcb3220e4d188a8f0
-
SHA1
f985f6ac62ced4a287f0f5c11aa14beec849a609
-
SHA256
f7a2d65f2b424b031bf36824860c93519a1f5399da50caeaac7ee0d1a9208c3b
-
SHA512
0cec4e897d735867f082247bd8f2f1426845215dffaf05827430db510122f657a16b65f88769a33cb1b26af3b344a63b7b60bca82ab64b0193fc0969ca439762
-
SSDEEP
1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7ZWlsx:c8y93KQjy7G55riF1cMo03kOx
Score
8/10
Malware Config
Signatures
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3c08f651f47ac51bcb3220e4d188a8f0N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\3c08f651f47ac51bcb3220e4d188a8f0N.dll,#12⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 3083⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB