Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    17-04-2022 21:02

General

  • Target

    78366B123438B7CD2F167E49623104B76A0E27334CE3F.dll

  • Size

    122KB

  • MD5

    948717a6d0102100a857555db2579f90

  • SHA1

    5dd65a1535b793f7c314b00f18e6a81f3ccb6fb8

  • SHA256

    78366b123438b7cd2f167e49623104b76a0e27334ce3f39b91a36abe8c67d665

  • SHA512

    eb2437d578e368e2accebf38fc75bf82138083b91b9b630651a78d72a1896dd538d249a64a34afdaf7bfec3da2b9ebd433a9d50c5bc3fe9b4c6add12493609cb

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\78366B123438B7CD2F167E49623104B76A0E27334CE3F.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\78366B123438B7CD2F167E49623104B76A0E27334CE3F.dll,#1
      2⤵
        PID:1952

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1952-54-0x0000000000000000-mapping.dmp

  • memory/1952-55-0x0000000075801000-0x0000000075803000-memory.dmp
    Filesize
    8KB