Analysis

  • max time kernel
    117s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    01-02-2022 12:40

General

  • Target

    e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a.dll

  • Size

    22KB

  • MD5

    a469d5403003584e71c5e5bdbfc5d4e4

  • SHA1

    adf569be634c8bd03cc1948042499545a1bd1996

  • SHA256

    e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a

  • SHA512

    fabdb31756703f80cf168ee43f47e1538b43e02e4f9ac648c852aa7da3b87add8aaad1a08865ff2d8f2f1e48d4122fe7faf67453924885badad63df8c2f4c15a

Score
10/10

Malware Config

Signatures

  • Nloader

    Simple loader that includes the keyword 'campo' in the URL used to download other families.

  • Nloader Payload 2 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:1368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1368-55-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

    Filesize

    8KB

  • memory/1368-56-0x0000000010000000-0x0000000010007000-memory.dmp

    Filesize

    28KB

  • memory/1368-59-0x0000000000180000-0x0000000000185000-memory.dmp

    Filesize

    20KB