matanbuchus | 48ad2fadb0550066f0ee1d20b73cdb397c53479152c2f3d14fe7d09b8a972117 | Triage

Analysis

max time kernel
139s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
21-06-2022 13:12

Sharing

Report Analysis Logs

General

Target

x86.dll
Size

1.5MB
MD5

abd3d08598ae706addcd289a75f2341e
SHA1

a358290a5bb6ac3a4b0f536bcda2b6d0640bef10
SHA256

48ad2fadb0550066f0ee1d20b73cdb397c53479152c2f3d14fe7d09b8a972117
SHA512

b45ea47ef0446e432703140f8df28baa65fd63e14b674fde5629ebe639b198b72dcc5526a8236101a2426dab465989c9e1885e68111b6d075ebd7d3b091bb0c7

Score

10^/10

matanbuchus loader

Malware Config

Signatures

Matanbuchus
A loader sold as MaaS first seen in February 2021.
loader matanbuchus

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 3880	2068	rundll32.exe	79
PID 2068 wrote to memory of 3880	2068	rundll32.exe	79
PID 2068 wrote to memory of 3880	2068	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86.dll,#1
  2⤵
  PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3880-131-0x0000000010000000-0x0000000010079000-memory.dmp

Filesize
484KB

Download