Analysis
max time kernel: 70s
max time network: 134s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-09-2022 21:20
Behavioral task
behavioral1
Sample
chrome.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
chrome.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: chrome.dll
Size: 13KB
MD5: 4e8332927dff181370d56c2607b56b93
SHA1: f7352614ddcaf1bd74bc7d7d20618bf1b7eb595b
SHA256: cad7cb599b77e5ed5daa2270ade48f28a2a3cb32a048cc22dd13669f51fc29a4
SHA512: cf77a07850633def9996e66cbda54dd24f3cef7fcc250fba54cf2ab62a63b209083c95d1c226b4003f1811f6eac5df59a1436835159ecc660798666ee4911d01
SSDEEP: 192:UTlyEnTBZ1eRfBzZGyVQ+PgcD4XJLVoi89bRytrPje:8l/TBZ0TzZGyy+X8J6i89bMPj
Score
8/10
Malware Config
Signatures
- Blocklisted process makes network request (1 IoCs)
  Processes: rundll32.exe
  flow  pid   process
  14    1124  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                       pid   process       target process
  PID 4400 wrote to memory of 1124  4400  rundll32.exe  rundll32.exe
  PID 4400 wrote to memory of 1124  4400  rundll32.exe  rundll32.exe
  PID 4400 wrote to memory of 1124  4400  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\chrome.dll,#1
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\chrome.dll,#1
  - Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1124-132-0x0000000000000000-mapping.dmp