Resubmissions
01-07-2022 12:07
220701-paebkaehb3 10
Analysis
- max time kernel: 143s
- max time network: 43s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 01-07-2022 12:07
Static task
static1
Behavioral task
behavioral1
Sample
matanbuchus_loader_unpacked.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
matanbuchus_loader_unpacked.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
- Target: matanbuchus_loader_unpacked.dll
- Size: 471KB
- MD5: 795df1d16417f62c9868b9980a7c7a98
- SHA1: 655151885663229ea809fecfa8e1ecefb60ff3ad
- SHA256: 1d54fedc209ca132cb953f7fde263b65c7917e4e7e9fde6c4ef128aa04543a09
- SHA512: de3235acb8908363c3606c34cf237aa9394f8914bcd3f885442a4a7e2afb4ab94e742257fb179c972899cdefc064d814b213fa0eb266f1c8a98dc70896b5393f
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1852 wrote to memory of 776 | 1852 | rundll32.exe | rundll32.exe
PID 1852 wrote to memory of 776 | 1852 | rundll32.exe | rundll32.exe
PID 1852 wrote to memory of 776 | 1852 | rundll32.exe | rundll32.exe
PID 1852 wrote to memory of 776 | 1852 | rundll32.exe | rundll32.exe
PID 1852 wrote to memory of 776 | 1852 | rundll32.exe | rundll32.exe
PID 1852 wrote to memory of 776 | 1852 | rundll32.exe | rundll32.exe
PID 1852 wrote to memory of 776 | 1852 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\matanbuchus_loader_unpacked.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\matanbuchus_loader_unpacked.dll,#12⤵
  PID:776