Analysis

  • max time kernel
    133s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 17:28

General

  • Target

    elfload.dll

  • Size

    41KB

  • MD5

    0a58c05d59777d16b2ad9ec32a6ecb44

  • SHA1

    cb6f7c57e3c13ea8bad04fac896753152eb68660

  • SHA256

    f12023454301b8ee349f9f474fff2996c85550648c363a8b1ac6d006525b4bc6

  • SHA512

    51b7d1d91297246d5d0eafe7e87ec0d3369744d8631797d6373e089823d0f4ce42c2454e5bdb7fe34e2ed191357a72d31aac8b919834fab3f6c031af7bba0aa9

  • SSDEEP

    768:fC6dfYQd2bFt6oxs+iqDjw/0d0mZoowhnUVeWdIXnbcuyD7U4xejYlIxS:fCkYDbT33jw/0tZ4nWvonouy84FIc

Score
7/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\elfload.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\elfload.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2276-0-0x0000000067500000-0x000000006751C000-memory.dmp

    Filesize

    112KB

  • memory/2276-1-0x0000000067500000-0x000000006751C000-memory.dmp

    Filesize

    112KB