Analysis
max time kernel: 181s
max time network: 189s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-11-2022 15:05
Static task
static1
Behavioral task
behavioral1
Sample
9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
Target: 9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766.dll
Size: 346KB
MD5: 05cde7fe4b14f2af2fee9040942ba4cc
SHA1: dab6b16ce7b4fc668518f8002e690b79b4264675
SHA256: 9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766
SHA512: 8bf586730cb3a0d74c137600b9c32225ac7cca1eb5d13da5e22d148bb64b52574d4fc0a67776320012c01428d0d8a5a8484eb55849de93739d231d3af5dc8c26
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q09:jDgtfRQUHPw06MoV2nwTBlhm8V
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 4624 wrote to memory of 728    4624   rundll32.exe   rundll32.exe
PID 4624 wrote to memory of 728    4624   rundll32.exe   rundll32.exe
PID 4624 wrote to memory of 728    4624   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4624
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bc37d8047ad5712875ea70fc6af7c77627464a8a4571020f0a0817498fca766.dll,#1
    PID: 728
Network
MITRE ATT&CK Matrix
Downloads
memory/728-132-0x0000000000000000-mapping.dmp