Analysis
-
max time kernel
45s
-
max time network
49s
-
platform
windows7_x64
-
resource
win7-20220414-en
-
submitted
10-05-2022 05:35
Static task
static1
Behavioral task
behavioral1
Sample
148.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
148.dll
-
Size
740KB
-
MD5
7cc91fb0c73b92f4dcb529b5c2489489
-
SHA1
84ce61490587d848295aa5eebfdd502c50e200bc
-
SHA256
606c0609795d39cb100592a57b8f0ccbb23809f6f77c5abc0baeb43cf177adb5
-
SHA512
c7127491c0cf1878b38c2417a072ffe8b123022b2b4d1d14706d783b7a23bc24df7185438c7c04a726dc01dd9d651574828e54dceb51b1094fc9c7abfca81d26
Malware Config
Signatures
-
Processes:
resource | yara_rule
behavioral1/memory/1312-56-0x00000000002A0000-0x00000000002D9000-memory.dmp | templ_dll
behavioral1/memory/1312-60-0x00000000003D0000-0x0000000000407000-memory.dmp | templ_dll
behavioral1/memory/1312-63-0x0000000000220000-0x0000000000256000-memory.dmp | templ_dll
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1280 wrote to memory of 1312 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1312 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1312 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1312 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1312 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1312 | 1280 | rundll32.exe | rundll32.exe
PID 1280 wrote to memory of 1312 | 1280 | rundll32.exe | rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1312-54-0x0000000000000000-mapping.dmp
-
memory/1312-55-0x0000000076181000-0x0000000076183000-memory.dmp
Filesize
8KB
-
memory/1312-56-0x00000000002A0000-0x00000000002D9000-memory.dmp
Filesize
228KB
-
memory/1312-60-0x00000000003D0000-0x0000000000407000-memory.dmp
Filesize
220KB
-
memory/1312-63-0x0000000000220000-0x0000000000256000-memory.dmp
Filesize
216KB
-
memory/1312-64-0x0000000000410000-0x0000000000453000-memory.dmp
Filesize
268KB