Analysis
max time kernel: 136s
max time network: 149s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2022 21:03
Static task: static1
Behavioral task: behavioral1
  Sample: 1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1.dll
  Resource: win10v2004-20220901-en
General
Target: 1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1.dll
Size: 973KB
MD5: 8c658b9b02814927124351484c42a272
SHA1: 85c346b2d6d0306a5bf7f276e82d9984c167e8ea
SHA256: 1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1
SHA512: 28f9fcd72e5beceef4e7442e7bac02c0b5060c71403af34aabb78f4871c28bfdf88f4a50da8988fbbc07429466db6c05dd4f3292cabedf913ccbd532086deba3
SSDEEP: 12288:bDDjN50jO7rPxxYnCOWMrZlTf6ahp+3NV6ZZveATYAyvPzXTwnX1cQ47gcckpPWy:/vf3ZKnZDyYxr6AVIY7wOM058ZxM
Malware Config
Signatures

Blocklisted process makes network request (4 IoCs)
flow  pid   Process
2     1536  rundll32.exe
6     1536  rundll32.exe
7     1536  rundll32.exe
8     1536  rundll32.exe

Suspicious use of WriteProcessMemory (15 IoCs)
description                       pid   Process       procid_target
PID 1388 wrote to memory of 1536  1388  rundll32.exe  26
PID 1388 wrote to memory of 1536  1388  rundll32.exe  26
PID 1388 wrote to memory of 1536  1388  rundll32.exe  26
PID 1388 wrote to memory of 1536  1388  rundll32.exe  26
PID 1388 wrote to memory of 1536  1388  rundll32.exe  26
PID 1388 wrote to memory of 1536  1388  rundll32.exe  26
PID 1388 wrote to memory of 1536  1388  rundll32.exe  26
PID 1536 wrote to memory of 760   1536  rundll32.exe  27
PID 1536 wrote to memory of 760   1536  rundll32.exe  27
PID 1536 wrote to memory of 760   1536  rundll32.exe  27
PID 1536 wrote to memory of 760   1536  rundll32.exe  27
PID 1536 wrote to memory of 1796  1536  rundll32.exe  29
PID 1536 wrote to memory of 1796  1536  rundll32.exe  29
PID 1536 wrote to memory of 1796  1536  rundll32.exe  29
PID 1536 wrote to memory of 1796  1536  rundll32.exe  29
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1.dll,#1
  PID: 1388
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1480777c361ac1d398cc26c90215de629733f66d60dcbd5970700db0ce786ae1.dll,#1
      PID: 1536
      - Blocklisted process makes network request
      - Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\cmd.exe
          Command line: cmd /c "echo Commands" >> C:\Users\Admin\AppData\Local\Temp\C5B4.tmp
          PID: 760
        C:\Windows\SysWOW64\cmd.exe
          Command line: cmd /c "dir" >> C:\Users\Admin\AppData\Local\Temp\C5B4.tmp
          PID: 1796
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: bfd5066b7a16fe69b18de8253ee3ba9f
SHA1: f25b2f3e34e45f974efb174125d60bd9bebfc836
SHA256: aededac5c125ee5f74342b81232162f717bcdda82249599a19b113dc6a78716a
SHA512: 9b763fa5083f9cb8edbabb0b0e0da46cd943ac05820abb413aa723d425b79a5c23454e4e2c8196ca42b872fe7f7e55186841e8e2ae06306ab36bf4d721c75b3c