Analysis
max time kernel: 514s
max time network: 517s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 27-10-2022 00:02
Behavioral task: behavioral1
Sample: 2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked.dll
Resource: win7-20220812-en (windows7-x64)
Signatures: 2
Duration: 600 seconds
General
Target: 2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked.dll
Size: 261KB
MD5: b05251161738b4bc6dee62aa4f21665f
SHA1: 8ff24b1184e51f2ae864f70114428692b636eaf0
SHA256: def9435b8197bb085d459e4dab6e34205e8e99e8c4c7a04de97a0b8a16458893
SHA512: 60e336088f71a6eb8430faefd7b40068de94c9b554a70332f28d9f24a9416ff950ce65dbb1572d1206084feb5b8f67e81f32fc3cc583058106f712edab593fca
SSDEEP: 6144:/t6K00pbSzCcqlalSwHnFZkCN5BQfccGjlrwxce4GjE:k8pb0Ccqgl/FXN5BxVrwxcm
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (rundll32.exe):
description                              pid   process       target process
PID 4416 wrote to memory of 4988         4416  rundll32.exe  rundll32.exe
PID 4416 wrote to memory of 4988         4416  rundll32.exe  rundll32.exe
PID 4416 wrote to memory of 4988         4416  rundll32.exe  rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked.dll,#1
   signature: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of process 1)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2952a6ad1ba0a56ea176672f3ec9b1ad8a92836839dc51f592eb253db60c96af_unpacked.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
memory/4988-132-0x0000000000000000-mapping.dmp