Analysis
-
max time kernel
15s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
28-12-2024 04:59
General
-
Target
fed1ed2f9e0288199518c43d472eec0dbbe9c7d352058de210c846c228fb2d63.dll
-
Size
76KB
-
MD5
c0f31e61a1adfc3cee5fd0bce4e2646c
-
SHA1
249118639ee505d124be7613717fdca67843e973
-
SHA256
fed1ed2f9e0288199518c43d472eec0dbbe9c7d352058de210c846c228fb2d63
-
SHA512
a6d77db72b5e84130f9dee56a1f75902f652ebf58e048c45450fb34777c1c99a3e4ea1556764262ae427c4fdcf3770ba4ab7bed15963977066396dff23af594b
-
SSDEEP
1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7ZL3Hzf:c8y93KQjy7G55riF1cMo03xf
Malware Config
Signatures
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fed1ed2f9e0288199518c43d472eec0dbbe9c7d352058de210c846c228fb2d63.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fed1ed2f9e0288199518c43d472eec0dbbe9c7d352058de210c846c228fb2d63.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 3323⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB