Analysis
max time kernel: 91s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-09-2022 13:40
Static task: static1
Behavioral task: behavioral1
Sample: 73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876.dll
Resource: win10v2004-20220901-en
General
Target: 73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876.dll
Size: 598KB
MD5: 21fde02f02280fdad7cd446c8bf600c7
SHA1: 7da9c4a62c742ff5a854ef4fbbaa11e3447e0c97
SHA256: 73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876
SHA512: 3069734ac96e504bc22502b02a537456740dc99aecb1d78ed1a6adbd30780632dd37af811ab9dc64a71a19889f210a5718a5357dda326fbc53f5828b739eb1f2
SSDEEP: 12288:czF6eBVYHBQ3DvlYuZ+wNTYyujPt5ABJXT+gb:Oo1HBuKuja1D4XTv
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description: PID 4844 wrote to memory of 4864; pid: 4844; process: rundll32.exe; target process: rundll32.exe
description: PID 4844 wrote to memory of 4864; pid: 4844; process: rundll32.exe; target process: rundll32.exe
description: PID 4844 wrote to memory of 4864; pid: 4844; process: rundll32.exe; target process: rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/4864-132-0x0000000000000000-mapping.dmp