Analysis
- max time kernel: 499s
- max time network: 502s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27-10-2022 00:07
Behavioral task: behavioral1
- Sample: 3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked.dll
- Resource: win7-20220812-en
- windows7-x64
- 2 signatures
- 600 seconds
General
- Target: 3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked.dll
- Size: 151KB
- MD5: 215deda6c849d1c2da60253d35ee9e09
- SHA1: 4136b0341013085b16aa6c5568506b14fa88f40e
- SHA256: b72d412ba4cebb19928816d686b9ef214cbe4e843a4f0760ea1364260595ada8
- SHA512: 9056727a55a98f486f2d9d7815ed5bc2d45d15d5fa0057913b5ce2b35a1dcff74f01f7bf7ee516f460ab98ebc061f20f4b66aaf8bde12c0a675523337a3b0fef
- SSDEEP: 3072:DsajR3l2w1I4c2CtZIwGC2qlalXnuQRAja1dLouddR6d702+ENQzLDgsf5WS:DVR1/gD94qlal+jE8uddkd70B9f/
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (rundll32.exe):
  description                        pid   process       target process
  PID 5036 wrote to memory of 2016   5036  rundll32.exe  rundll32.exe
  PID 5036 wrote to memory of 2016   5036  rundll32.exe  rundll32.exe
  PID 5036 wrote to memory of 2016   5036  rundll32.exe  rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/2016-132-0x0000000000000000-mapping.dmp