Overview

overview

10

Static

static

10

3dc518e018...0N.dll

windows7-x64

7

3dc518e018...0N.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    16-07-2024 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3dc518e01831158541c00a55f7b97090N.dll

  • Size

    76KB

  • MD5

    3dc518e01831158541c00a55f7b97090

  • SHA1

    ccba5df7682b8c4406d102e24840c879d02bf7b9

  • SHA256

    e8cbc4bbb1b2ec614e8f1fff4e7fa293e8de6211565694244005e0f51c043e9b

  • SHA512

    c69043eeebe337dd6f929544e79968a42f7cb0de4a11c58fcdff30203a56a8ddc53db56a0c3acc68ba4fa4e2db39e81f6d5e71bbf393644fe129c1666d0362a1

  • SSDEEP

    1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7Z1Ga5j:c8y93KQjy7G55riF1cMo03Vx

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dc518e01831158541c00a55f7b97090N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dc518e01831158541c00a55f7b97090N.dll,#1
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/772-0-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download

  • memory/772-1-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download