Overview

overview

10

Static

static

10

a9c68d5272...ed.dll

windows7-x64

8

a9c68d5272...ed.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    599s
  • max time network
    603s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-10-2022 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked.dll

  • Size

    119KB

  • MD5

    959ff528ddbee66e49992cd654d41bab

  • SHA1

    7b54da1fb2cbe877b13de309c01a7112224e1f40

  • SHA256

    a3c14b0b4756017ee248d0fa029196060ca1f75a1fab7e9d81c74fbaac6a4797

  • SHA512

    ef0852311f23f255624c31f320847b5d6ea2da86d81e0693207444b39b73a0f58a0e3f847c585e1a734dc902b1a429c53e193f742e81a60399ac061e76623b54

  • SSDEEP

    3072:ZqZol+l/2YQ8S6/aI34vxV7W4LgW3DQumyKBLGMzJo:sugl/nQS3ExV7lkWrKBCMz

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 27 IoCs
  • Suspicious behavior: EnumeratesProcesses 56 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1308-132-0x0000000000000000-mapping.dmp
    Download