Analysis
-
max time kernel
19s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21-01-2025 03:40
General
-
Target
6410ed8c900e0869536cb184f9a5d44f136d7d3888f7f4676c1e238122e139aeN.dll
-
Size
76KB
-
MD5
98b35c2e929d92048e0c74ffaf94bd30
-
SHA1
3ace61d4fc1e8d1001350e758fe953de57fb5e57
-
SHA256
6410ed8c900e0869536cb184f9a5d44f136d7d3888f7f4676c1e238122e139ae
-
SHA512
8f0cf262063647010ab18908d86a1c2393eb9b3b1e80a9a719f2d889e8f2d9d4eb7ece4fcd38965845fd644f614db489327a65c3b16d072f5508b4952a7285ef
-
SSDEEP
1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7Z5w9DHY:c8y93KQjy7G55riF1cMo037w6
Malware Config
Signatures
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6410ed8c900e0869536cb184f9a5d44f136d7d3888f7f4676c1e238122e139aeN.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6410ed8c900e0869536cb184f9a5d44f136d7d3888f7f4676c1e238122e139aeN.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 3323⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB
-
Filesize
192KB