Analysis
- max time kernel: 139s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-10-2022 01:57
Static task: static1
Behavioral task: behavioral1
- Sample: a091eb87d70487866bc23fc26b7ad281abf023821946a93b4ce4dfd72779d678.dll
- Resource: win7-20220812-en
- Platform: windows7-x64
- 2 signatures
- 150 seconds
General
- Target: a091eb87d70487866bc23fc26b7ad281abf023821946a93b4ce4dfd72779d678.dll
- Size: 354KB
- MD5: 0932b4752bb2421f4862ee85159265ec
- SHA1: 2f63eb28f02bb43768de0671a3dcc887a383a9fa
- SHA256: a091eb87d70487866bc23fc26b7ad281abf023821946a93b4ce4dfd72779d678
- SHA512: b2791070e69108edb03093fd3fc83dee9968cd419cf9808dd465a27ceb474166775c1c28b3507a6abb3a02d2e061bc573257dc829a8b35c6878f7f241c5a1bf5
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0Q:jDgtfRQUHPw06MoV2nwTBlhm8Y
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description / pid / process / target process PID):
  - PID 4920 rundll32.exe wrote to memory of PID 4932 rundll32.exe
  - PID 4920 rundll32.exe wrote to memory of PID 4932 rundll32.exe
  - PID 4920 rundll32.exe wrote to memory of PID 4932 rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (PID 4920, depth 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a091eb87d70487866bc23fc26b7ad281abf023821946a93b4ce4dfd72779d678.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 4932, depth 2, child of PID 4920)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a091eb87d70487866bc23fc26b7ad281abf023821946a93b4ce4dfd72779d678.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/4932-132-0x0000000000000000-mapping.dmp