Analysis
max time kernel: 90s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-09-2022 12:18
Static task: static1
Behavioral task: behavioral1
  Sample: 4f13d35180b85261aa49bd280ae52c6ff501fcc224ecd8ff729697337e14ce14.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 4f13d35180b85261aa49bd280ae52c6ff501fcc224ecd8ff729697337e14ce14.dll
  Resource: win10v2004-20220901-en
General
Target: 4f13d35180b85261aa49bd280ae52c6ff501fcc224ecd8ff729697337e14ce14.dll
Size: 598KB
MD5: da51dd657868bf4d2924b4398e045b27
SHA1: 2eca78e78bdc00e02da0a7328a3c57176cf3c011
SHA256: 4f13d35180b85261aa49bd280ae52c6ff501fcc224ecd8ff729697337e14ce14
SHA512: ca168c81ebec1de5ffdcb9b766af4c4c4ae42e3a0c49e82c04bc8e9b31fdb30594b6df12a7f3ecddf0d73a352326e8ebd3265caae152bf2d67409b5f3759b1e8
SSDEEP: 12288:hzF6eBVYHBQ3DvlYuZ+wNvYyujPt5ABJXT+gO:ho1HBuKuj61D4XTK
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 4008 wrote to memory of 4492   4008  rundll32.exe  rundll32.exe
  PID 4008 wrote to memory of 4492   4008  rundll32.exe  rundll32.exe
  PID 4008 wrote to memory of 4492   4008  rundll32.exe  rundll32.exe
Processes
PID 4008  C:\Windows\system32\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f13d35180b85261aa49bd280ae52c6ff501fcc224ecd8ff729697337e14ce14.dll,#1
          Suspicious use of WriteProcessMemory
  PID 4492  C:\Windows\SysWOW64\rundll32.exe  (child of 4008)
            rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f13d35180b85261aa49bd280ae52c6ff501fcc224ecd8ff729697337e14ce14.dll,#1

Note on the only behavioural signature: the writer (PID 4008, the 64-bit system32\rundll32.exe) is the parent of the target (PID 4492, the 32-bit SysWOW64\rundll32.exe), and both carry the same command line. That is the pattern 64-bit rundll32.exe produces when it is handed a 32-bit DLL on x64 Windows: it re-launches the SysWOW64 copy with the same arguments, and the parent writes into the newly created child's memory as part of process setup. On its own this is not evidence that the sample injects into another process; a write into a process that the sample did not itself spawn would be.
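How much weight a "Suspicious use of WriteProcessMemory" hit carries depends on who wrote into whom. The Python helper below is an added example, not part of the sandbox output: it parses IoC lines in the report's own "PID <src> wrote to memory of <dst> <src> <src image> <target image>" shape against the reported process tree and separates a parent writing into the SysWOW64 copy of itself that it just spawned with the same command line (the 64-bit to 32-bit rundll32.exe hand-off seen in this report) from a write into a process the writer did not create. The process tree and the three IoC lines are copied from this report; the explorer.exe entry and its PIDs in the `__main__` block are constructed to show the other branch, and the verdict strings are this example's own.

```python
"""Triage the WriteProcessMemory IoCs of a sandbox report against its process tree.

Added example, not part of the sandbox output. Process tree and IoC lines are
copied from the report; the explorer.exe counter-example at the bottom is
constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Report IoC line shape: "PID <src> wrote to memory of <dst> <src> <src_image> <dst_image>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str              # full image path as shown in the process tree
    cmdline: str            # command line as shown in the process tree
    parent: Optional[int]   # parent pid, None for the tree root


# Process tree copied from the report: 64-bit rundll32.exe spawns the SysWOW64 copy.
SAMPLE_DLL = r"C:\Users\Admin\AppData\Local\Temp\4f13d35180b85261aa49bd280ae52c6ff501fcc224ecd8ff729697337e14ce14.dll"
REPORT_TREE: Dict[int, Proc] = {
    4008: Proc(4008, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1", None),
    4492: Proc(4492, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1", 4008),
}

# The three IoC lines exactly as the report lists them.
REPORT_IOCS: List[str] = ["PID 4008 wrote to memory of 4492 4008 rundll32.exe rundll32.exe"] * 3


def is_wow64_pair(parent: Proc, child: Proc) -> bool:
    """True when child is the SysWOW64 copy of the parent's binary, started with
    the same command line: what 64-bit rundll32.exe does when given a 32-bit DLL."""
    p, c = PureWindowsPath(parent.image), PureWindowsPath(child.image)
    same_binary = p.name.lower() == c.name.lower()
    dirs = {p.parent.name.lower(), c.parent.name.lower()}
    return same_binary and dirs == {"system32", "syswow64"} and parent.cmdline == child.cmdline


def classify(src: int, dst: int, tree: Dict[int, Proc]) -> str:
    """Verdict for one write from pid src into pid dst (verdict names are this example's own)."""
    s, d = tree.get(src), tree.get(dst)
    if s is None or d is None:
        return "unknown-process"        # pid not in the tree: cannot judge
    if d.parent == src:
        if is_wow64_pair(s, d):
            return "wow64-handoff"      # parent setting up the child it just created
        return "parent-to-child"        # still the writer's own child; usually setup
    return "cross-process"              # writer did not create the target: inspect


def triage(ioc_lines: List[str], tree: Dict[int, Proc]) -> List[dict]:
    """Collapse duplicate IoC lines and attach a verdict to each distinct (src, dst) pair."""
    counts: Counter = Counter()
    for line in ioc_lines:
        m = IOC_RE.search(line)
        if not m:
            continue
        counts[(int(m.group(1)), int(m.group(2)), m.group(4), m.group(5))] += 1
    return [
        {"src": s, "dst": d, "src_image": si, "dst_image": di,
         "count": n, "verdict": classify(s, d, tree)}
        for (s, d, si, di), n in counts.items()
    ]


if __name__ == "__main__":
    for row in triage(REPORT_IOCS, REPORT_TREE):
        print(row)                      # one row, count 3, verdict wow64-handoff
    # Constructed counter-example (not from the report): the SysWOW64 child writing
    # into a process it did not spawn would be flagged for closer inspection.
    extra_tree = {**REPORT_TREE, 1234: Proc(1234, r"C:\Windows\explorer.exe", "explorer.exe", 900)}
    print(classify(4492, 1234, extra_tree))  # cross-process
```

The hand-off check is deliberately narrow (same binary name, one copy under system32 and one under SysWOW64, identical command line), so a parent that spawns a different program and then writes into it still lands in the weaker "parent-to-child" bucket rather than being waved through.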
Network
MITRE ATT&CK Matrix
Downloads
memory/4492-132-0x0000000000000000-mapping.dmp  (memory dump taken from PID 4492, the SysWOW64 rundll32.exe child)