Overview

overview

5

Static

static

3

56aee52f49...aa.dll

windows7-x64

5

56aee52f49...aa.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    143s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/09/2024, 00:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    56aee52f4940412abcd9a15efb5e9c1df00cc3fe505482d62b9ed78f471eb3aa.dll

  • Size

    360KB

  • MD5

    726752194a382cd9d540b4976d524947

  • SHA1

    9b6a2be0a893705c4cc8b8eb40036686d46e9bb1

  • SHA256

    56aee52f4940412abcd9a15efb5e9c1df00cc3fe505482d62b9ed78f471eb3aa

  • SHA512

    385793ac0d0157c8ee7d1592f911aa836ee754fb5997b97d8427a5e451334e4689452f0ba964ebc011475bec6b3d36590e31d273983e9a1b710952920e837fee

  • SSDEEP

    6144:9mRdC6xhlEgUBgi1Ew8jvilWd6A5A5hMj:9mRdCiFagiQjgdAshMj

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\56aee52f4940412abcd9a15efb5e9c1df00cc3fe505482d62b9ed78f471eb3aa.dll,#1
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of FindShellTrayWindow
    PID:1108

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1108-1-0x000002126AF40000-0x000002126AF42000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1108-0-0x000002126AF40000-0x000002126AF41000-memory.dmp

          Filesize

          4KB

          Download