Managed XDR

sqlite3 — malware analysis report

File info

Filename: sqlite3
File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
File size: 40 KB
First seen:
Last seen:

Environment

win7/x64 en

Hashes

SHA1: 5f02df0c359234d21f76bb2c453e6d64607bda9a
SHA256: 5edc932122c12adb556ed944330d1779756ea7084cebf715ad6a7a3f1908920d
MD5: 1e88ca903af7b38f813de0f0949c05e3

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process

Defense Evasion

T1027.002 unnamed_memory_regions_contains_pe: One or several unnamed memory regions are PE files
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1497.001 antivm_queries_computername: Retrieves the computer name
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1574 dropper_dll: Creates DLL, which is then loaded into the process

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity