Analysis
-
max time kernel
138s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
25-08-2022 15:48
Static task
static1
Behavioral task
behavioral1
Sample
870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll
Resource
win10v2004-20220812-en
General
-
Target
870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll
-
Size
1.7MB
-
MD5
1c3839d314110e032334339ac20ee785
-
SHA1
a5dd1679c30f444e8d8369cbf5c94840cdac987f
-
SHA256
870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508
-
SHA512
3b5112eef7baad4ced7557fbd0bb96d6385d0b6767596b1450dae72773d113d5bffd42f6a881f20eda65c6c1a4a898f48dcf4d2600445d1b2150f147e27d48eb
-
SSDEEP
24576:nKtpZm23yqec9S5hZqT5/ZMoK3EHBCTFvfrr+E+OLzO9AO4k17vvoA+rXBxQHKbC:nC3LoqNG0HBi1X+5OmmPA7Hj+hb
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2856 wrote to memory of 856 | 2856 | rundll32.exe | rundll32.exe
PID 2856 wrote to memory of 856 | 2856 | rundll32.exe | rundll32.exe
PID 2856 wrote to memory of 856 | 2856 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\870475779d35088d746aafdab1d205e7dceddf9d236d97e049ecee760dd87508.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/856-132-0x0000000000000000-mapping.dmp