Analysis
max time kernel: 149s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-10-2022 01:57
Static task: static1
Behavioral task: behavioral1
Sample: 1a083ff2e8ed62b27c30f3db8fed26f2e0b2492420e2f0c3bacbb09d8ed6c538.dll
Resource: win7-20220812-en (windows7-x64)
2 signatures, 150 seconds
General
Target: 1a083ff2e8ed62b27c30f3db8fed26f2e0b2492420e2f0c3bacbb09d8ed6c538.dll
Size: 433KB
MD5: 417401e4044554d4be7103a52d33f530
SHA1: b16740c050183e06c4a4c464ff4f48fc3661cd08
SHA256: 1a083ff2e8ed62b27c30f3db8fed26f2e0b2492420e2f0c3bacbb09d8ed6c538
SHA512: 26d942f42ca80354b9f75e0ace5aed38fe677baf4a64c87e03cb518e97e982c366c48f3cca037a5dcb6c00e55ac242ec3e3b718577cfec5d0be1819385acd755
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0q:jDgtfRQUHPw06MoV2nwTBlhm8i
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                        pid   process       target process
  PID 5072 wrote to memory of 4972   5072  rundll32.exe  rundll32.exe
  PID 5072 wrote to memory of 4972   5072  rundll32.exe  rundll32.exe
  PID 5072 wrote to memory of 4972   5072  rundll32.exe  rundll32.exe
  All three hits are the 64-bit rundll32.exe (PID 5072) writing into the SysWOW64 rundll32.exe it spawned (PID 4972) with an identical command line, which is what the 64-bit host does when asked to load a 32-bit DLL (the resource tags list both arch:x64 and arch:x86). On its own this signature says little about the DLL itself; whatever the DLL does runs inside PID 4972, which is also the process the memory dump below was taken from.
Processes
- C:\Windows\system32\rundll32.exe (PID 5072)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a083ff2e8ed62b27c30f3db8fed26f2e0b2492420e2f0c3bacbb09d8ed6c538.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 4972, child of the process above)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a083ff2e8ed62b27c30f3db8fed26f2e0b2492420e2f0c3bacbb09d8ed6c538.dll,#1
The ",#1" suffix tells rundll32 to call the DLL's export at ordinal 1 rather than a named export. The second process is the same command line re-executed under the 32-bit rundll32.exe, so the DLL's code runs in PID 4972, not in the process the sandbox launched.
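Two checks an analyst would want to run against this report, written here as an added Python example that is not part of the sandbox output or of the sample: (1) confirming that a local copy of the file matches the hashes in the General section before any analysis starts, and (2) a small detection over Sysmon-style process-creation records that flags rundll32 loading a DLL from a user-writable directory by ordinal, and the 64-bit rundll32 relaunching its SysWOW64 counterpart with the same DLL, as in the process tree above. The event records, the field names, and every PID other than 5072 and 4972 are constructed for illustration; the regexes and the list of user-writable directories are the author's assumptions, not a sandbox rule.

```python
"""Added example: triage checks for the rundll32 process tree in this report."""
import hashlib
import re

# Hashes copied from the report's General section; verify_hashes() compares a
# local copy of the sample against them before any analysis starts.
REPORT_HASHES = {
    "md5": "417401e4044554d4be7103a52d33f530",
    "sha1": "b16740c050183e06c4a4c464ff4f48fc3661cd08",
    "sha256": "1a083ff2e8ed62b27c30f3db8fed26f2e0b2492420e2f0c3bacbb09d8ed6c538",
    "sha512": "26d942f42ca80354b9f75e0ace5aed38fe677baf4a64c87e03cb518e97e982c3"
              "66c48f3cca037a5dcb6c00e55ac242ec3e3b718577cfec5d0be1819385acd755",
}

SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\1a083ff2e8ed62b27c30f3db8fed26f2e0b2492420e2f0c3bacbb09d8ed6c538.dll")

# Constructed Sysmon-style process-creation records modelled on the report's
# process tree. PIDs 5072/4972 are from the report; 1234, 800 and 6000 are made up.
SAMPLE_EVENTS = [
    {"pid": 5072, "ppid": 1234, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 4972, "ppid": 5072, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 6000, "ppid": 800, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},  # benign control case
]

# rundll32 syntax: rundll32[.exe] <dll>,<export name or #ordinal> [args]
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^\s"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?P<dll>"[^"]+"|[^,\s]+),(?P<export>\S+)',
    re.IGNORECASE,
)
# Directories an unprivileged user can write to (assumed list, not exhaustive).
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Temp|Downloads|Public|ProgramData)\\", re.IGNORECASE)


def verify_hashes(data: bytes, expected: dict) -> list:
    """Return the names of digests in `expected` that do NOT match `data`."""
    return [name for name, hexdigest in expected.items()
            if hashlib.new(name, data).hexdigest().lower() != hexdigest.lower()]


def parse_rundll32(cmdline: str):
    """Split a rundll32 command line into (dll, export); None if not rundll32."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None
    return m.group("dll").strip('"'), m.group("export")


def suspicious_rundll32(event: dict) -> list:
    """Reasons a single rundll32 event deserves a look (empty list if none)."""
    parsed = parse_rundll32(event["cmdline"])
    if parsed is None:
        return []
    dll, export = parsed
    reasons = []
    if export.startswith("#"):
        reasons.append("export called by ordinal")
    if USER_WRITABLE_RE.search(dll):
        reasons.append("dll loaded from user-writable path")
    return reasons


def wow64_reexec_pairs(events: list) -> list:
    """(parent_pid, child_pid) pairs where 64-bit rundll32 relaunched the SysWOW64
    rundll32 with the same DLL and export, as in this report's process tree."""
    by_pid = {e["pid"]: e for e in events}
    pairs = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        if (e["image"].lower().endswith("\\syswow64\\rundll32.exe")
                and parent["image"].lower().endswith("\\system32\\rundll32.exe")
                and parse_rundll32(e["cmdline"]) == parse_rundll32(parent["cmdline"])):
            pairs.append((parent["pid"], e["pid"]))
    return pairs


def triage(events: list) -> dict:
    """Map pid -> list of findings for every event worth an analyst's attention."""
    findings = {}
    for e in events:
        reasons = suspicious_rundll32(e)
        if reasons:
            findings[e["pid"]] = reasons
    for ppid, pid in wow64_reexec_pairs(events):
        findings.setdefault(pid, []).append(
            f"32-bit rundll32 relaunched by 64-bit rundll32 (pid {ppid}); DLL code runs here")
    return findings


if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS).items():
        print(pid, "; ".join(reasons))
```

The hash check is deliberately a list of mismatches rather than a boolean, so that a partial match (for example a report that only lists SHA256) can be distinguished from a wrong file. The relaunch check keys on identical DLL and export across the parent/child pair, which separates this WoW64 hand-off from a rundll32 that genuinely spawns something else.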
Network
MITRE ATT&CK Matrix
Downloads
- memory/4972-132-0x0000000000000000-mapping.dmp