Overview

overview

8

Static

static

38380f9307...46.dll

windows7_x64

8

38380f9307...46.dll

windows10-2004_x64

8

Analysis

  • max time kernel
    155s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    25-06-2022 20:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38380f9307564df383000fe1f552826535c3c2d1b5775ecb2aeeb8389cf39746.dll

  • Size

    172KB

  • MD5

    a421e0676e4773b7c573f3b5cc71251b

  • SHA1

    5b1905d548c3427267d588a3c0883e23540f8d97

  • SHA256

    38380f9307564df383000fe1f552826535c3c2d1b5775ecb2aeeb8389cf39746

  • SHA512

    98d84c7e9af153c44dccc296a5ceb29ad3d3bf2451cda56f8f9856c6d78de47223f6ca149295030442f803ec6046e2536e46a549939adfc1a88ec12ff23d4573

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\38380f9307564df383000fe1f552826535c3c2d1b5775ecb2aeeb8389cf39746.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4528
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\38380f9307564df383000fe1f552826535c3c2d1b5775ecb2aeeb8389cf39746.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4956-130-0x0000000000000000-mapping.dmp
    Download