Analysis
-
max time kernel
110s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25/09/2024, 12:18
General
-
Target
a993723443ef8349edf383638f05b8ed564c4f5b2afab3a85eb0caed1958ee85N.dll
-
Size
76KB
-
MD5
4e708ac4f9bd5329dcd23d0413f16720
-
SHA1
e3f063c97230766de959ddb29858c677c686640c
-
SHA256
a993723443ef8349edf383638f05b8ed564c4f5b2afab3a85eb0caed1958ee85
-
SHA512
5a15a319eb953f30370c175d159f62184abdeeb51c3bba978ce674e7c2502213a83765afaa4025f6354d44c3bbb0dc5cd1c6aa7705cadcee34b0587f14eb7dc3
-
SSDEEP
1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7ZoDL/YgGyZMn:c8y93KQjy7G55riF1cMo03WDL/Ygl2n
Malware Config
Signatures
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a993723443ef8349edf383638f05b8ed564c4f5b2afab3a85eb0caed1958ee85N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a993723443ef8349edf383638f05b8ed564c4f5b2afab3a85eb0caed1958ee85N.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 3203⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB