Analysis
max time kernel: 496s
max time network: 500s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
submitted: 27-10-2022 00:02
Behavioral task: behavioral1
Sample: 25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_dump_0x032E0000.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_dump_0x032E0000.dll
Resource: win10v2004-20220901-en
General
- Target: 25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_dump_0x032E0000.dll
- Size: 292KB
- MD5: e62516c6b9eddf76a31d42ded79fca1b
- SHA1: fbaa8fbb39d2ffd8d50c53ef5d1ee1a9be1aa2d5
- SHA256: b94230145638440e89d1bf9e10d3f7dddae17bea673de5cdffd6ff65d38fe669
- SHA512: ff6b321129b761094a2f955eb81c8b768b472d027d3797123152ee86d2d0b297d3f419de2351e70f3921ffa6d1711bed03bcf09ace4ef9d78831313992e3ff7e
- SSDEEP: 6144:UCGyYNuNF9Sz3QSHFg9O7VTSo5ru4d++Njdqlalwcw9QzgF4:qtkbMbFh52htIjdqglwcw9hq
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 864 wrote to memory of 1456 | 864 | rundll32.exe | rundll32.exe
PID 864 wrote to memory of 1456 | 864 | rundll32.exe | rundll32.exe
PID 864 wrote to memory of 1456 | 864 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_dump_0x032E0000.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_dump_0x032E0000.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1456-132-0x0000000000000000-mapping.dmp