Overview

Task                                     Score
overview                                 10
static                                   10
files/Manager.dll (windows7_x64)         1
files/Manager.dll (windows10-2004_x64)   1
files/Wiper.exe (windows7_x64)           8
files/Wiper.exe (windows10-2004_x64)     8
files/spreaderA.dll (windows7_x64)       1
files/spreaderA.dll (windows10-2004_x64) 1
files/spreaderB.dll (windows7_x64)       1
files/spreaderB.dll (windows10-2004_x64) 1

Analysis

max time kernel: 158s
max time network: 162s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 01-07-2022 02:20

Tasks

Static task: static1
Behavioral task: behavioral1, Sample: files/Manager.dll, Resource: win7-20220414-en
Behavioral task: behavioral2, Sample: files/Manager.dll, Resource: win10v2004-20220414-en
Behavioral task: behavioral3, Sample: files/Wiper.exe, Resource: win7-20220414-en
Behavioral task: behavioral4, Sample: files/Wiper.exe, Resource: win10v2004-20220414-en
Behavioral task: behavioral5, Sample: files/spreaderA.dll, Resource: win7-20220414-en
Behavioral task: behavioral6, Sample: files/spreaderA.dll, Resource: win10v2004-20220414-en
Behavioral task: behavioral7, Sample: files/spreaderB.dll, Resource: win7-20220414-en
Behavioral task: behavioral8, Sample: files/spreaderB.dll, Resource: win10v2004-20220414-en

General

Target: files/spreaderA.dll
Size: 119KB
MD5: 58d71fff346017cf8311120c69c9946a
SHA1: 6b5958bfabfe7c731193adb96880b225c8505b73
SHA256: 2d29f9ca1d9089ba0399661bb34ba2fd8aba117f04678cd71856d5894aa7150b
SHA512: 315cc419f6ec600a345447b0f49e3de9f13c1e96d9bbc272f982204b1c7ec71cb3805f5ff7821da3e7944e327c22e5eba6f3c94b08c66b6e241395e1ea133ed1

Malware Config
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description                        pid    process        target process
PID 4772 wrote to memory of 2068   4772   rundll32.exe   rundll32.exe
PID 4772 wrote to memory of 2068   4772   rundll32.exe   rundll32.exe
PID 4772 wrote to memory of 2068   4772   rundll32.exe   rundll32.exe

Downloads

memory/2068-130-0x0000000000000000-mapping.dmp