Overview

overview

10

Static

static

10

boot_00430000.dll

windows7_x64

1

boot_00430000.dll

windows10-2004_x64

3

Resubmissions

08-07-2022 07:45

220708-jlnrgshhg3 10

08-07-2022 07:38

220708-jgdeyshfc9 10

08-07-2022 07:36

220708-jfkgwafedq 10

08-07-2022 07:30

220708-jb7fvafdaj 10

Analysis

  • max time kernel
    202s
  • max time network
    213s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    08-07-2022 07:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    boot_00430000.dll

  • Size

    75KB

  • MD5

    0ea80c1fd7481bc1fbfe86470069ec81

  • SHA1

    6aaed5570b9af39ae45c43367d0cfa67c7199e42

  • SHA256

    a8c453e85ccd4ca6a99e83036a736cc904b1b96b4a78d4e33c50c31136226a7a

  • SHA512

    1a01e86a5901829e79bd8d625119cbb562228ccd0527bf17bb213209489937fa0bd4987171deaca88c434fb368831e3ee9a6a779be6d28662e4e57cfb7f40e5a

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\boot_00430000.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\boot_00430000.dll,#1
      2⤵
        PID:1972
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1968
      • C:\Windows\system32\cmd.exe
        "cmd.exe" /s /k pushd "C:\Users\Admin\AppData\Local\Temp"
        1⤵
          PID:1152

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1968-56-0x000007FEFC5C1000-0x000007FEFC5C3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1972-54-0x0000000000000000-mapping.dmp

          Download

        • memory/1972-55-0x0000000076C81000-0x0000000076C83000-memory.dmp

          Filesize

          8KB

          Download