Analysis

  • max time kernel
    145s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11/10/2022, 09:58

General

  • Target

    1bf81d5b7a4e454a1ffc06ac6e9fbf09ef3b6bf93455209badbe2d2d60128f43.dll

  • Size

    6KB

  • MD5

    61e7edb162b988be779d331e82e213b5

  • SHA1

    2d5442172566f72049b3ada8740853e4f84f2414

  • SHA256

    1bf81d5b7a4e454a1ffc06ac6e9fbf09ef3b6bf93455209badbe2d2d60128f43

  • SHA512

    d5e1cf53095cb54e42558bacb664a4611a5b31087e8fa7896b8f235fe12829a50ebb6328960514635fe329fc46feab5e193072f18d4adf16139b02471424a9a4

  • SSDEEP

    96:Hxvtj+jhjvj3jcZGOiIvAwsAH12yrY/nrxMJGk2YUOGytGS10AUc9YiGG:H5t6djbgYRq+/wxvvl3

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bf81d5b7a4e454a1ffc06ac6e9fbf09ef3b6bf93455209badbe2d2d60128f43.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:3292
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bf81d5b7a4e454a1ffc06ac6e9fbf09ef3b6bf93455209badbe2d2d60128f43.dll,#1
        PID:3268

    Network

          MITRE ATT&CK Matrix
