Analysis
- max time kernel: 122s
- max time network: 122s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 01-02-2022 02:34
Behavioral tasks
Task          Sample                            Resource
behavioral1   20200308-sitrep-48-covid-19.pdf   win7-en-20211208
behavioral2   20200308-sitrep-48-covid-19.pdf   win10v2004-en-20220113
behavioral3   3UDBUTNY7YstRc.dll                win7-en-20211208
behavioral4   3UDBUTNY7YstRc.dll                win10v2004-en-20220113
behavioral5   486AULMsOPmf6W.exe                win7-en-20211208
behavioral6   486AULMsOPmf6W.exe                win10v2004-en-20220112
behavioral7   9sOXN6Ltf0afe7.js                 win7-en-20211208
behavioral8   9sOXN6Ltf0afe7.js                 win10v2004-en-20220112
behavioral9   cSi1r0uywDNvDu.xml                win7-en-20211208
behavioral10  cSi1r0uywDNvDu.xml                win10v2004-en-20220112
General
- Target: 3UDBUTNY7YstRc.dll
- Size: 32KB
- MD5: 83d04f21515c7e6316f9cd0bb393a118
- SHA1: e00b982a14835dae781bbbe06055d7d18acc6eb0
- SHA256: a49133ed68bebb66412d3eb5d2b84ee71c393627906f574a29247d8699f1f38e
- SHA512: ae8f75199bb7776b96d5069d0aa5e5e144948ed7d3072c2b7b4e0b99f9eea7dcab1890782b83eeee2c4b17b9a03a7094e4b1df7f659ec52c01dabb95daee21c6
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                          pid    process        target process
PID 1576 wrote to memory of 1792     1576   rundll32.exe   rundll32.exe
PID 1576 wrote to memory of 1792     1576   rundll32.exe   rundll32.exe
PID 1576 wrote to memory of 1792     1576   rundll32.exe   rundll32.exe
PID 1576 wrote to memory of 1792     1576   rundll32.exe   rundll32.exe
PID 1576 wrote to memory of 1792     1576   rundll32.exe   rundll32.exe
PID 1576 wrote to memory of 1792     1576   rundll32.exe   rundll32.exe
PID 1576 wrote to memory of 1792     1576   rundll32.exe   rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1792-54-0x00000000754B1000-0x00000000754B3000-memory.dmp (Filesize: 8KB)