Analysis

  • max time kernel
    138s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-08-2022 15:48

General

  • Target

    870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll

  • Size

    1.7MB

  • MD5

    1c3839d314110e032334339ac20ee785

  • SHA1

    a5dd1679c30f444e8d8369cbf5c94840cdac987f

  • SHA256

    870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508

  • SHA512

    3b5112eef7baad4ced7557fbd0bb96d6385d0b6767596b1450dae72773d113d5bffd42f6a881f20eda65c6c1a4a898f48dcf4d2600445d1b2150f147e27d48eb

  • SSDEEP

    24576:nKtpZm23yqec9S5hZqT5/ZMoK3EHBCTFvfrr+E+OLzO9AO4k17vvoA+rXBxQHKbC:nC3LoqNG0HBi1X+5OmmPA7Hj+hb

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll,#1
        PID:856

Network

MITRE ATT&CK Matrix

Downloads

  • memory/856-132-0x0000000000000000-mapping.dmp