Analysis
-
max time kernel
154s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
19-11-2022 08:56
Static task
static1
Behavioral task
behavioral1
Sample
b1d8098d64c04ddbe73311117ec201590282bd4d5ee95c185c294d014c6f6ad0.dll
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
General
-
Target
b1d8098d64c04ddbe73311117ec201590282bd4d5ee95c185c294d014c6f6ad0.dll
-
Size
747KB
-
MD5
44d5623d3a8f02ef707f994f05254270
-
SHA1
7d9d82b88cac63e3295b262feda9f4a0c94bc22b
-
SHA256
b1d8098d64c04ddbe73311117ec201590282bd4d5ee95c185c294d014c6f6ad0
-
SHA512
f37355fb1560e5456765460bf080661c681eff5751947821feb429ba32c98f4e83bacb7bcea6975bf57697fa693bb84622b32bfd0ccdb43351f493a53b09beae
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0n:jDgtfRQUHPw06MoV2nwTBlhm8/
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 3444 wrote to memory of 1316 | 3444 | rundll32.exe | rundll32.exe |
| PID 3444 wrote to memory of 1316 | 3444 | rundll32.exe | rundll32.exe |
| PID 3444 wrote to memory of 1316 | 3444 | rundll32.exe | rundll32.exe |
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1d8098d64c04ddbe73311117ec201590282bd4d5ee95c185c294d014c6f6ad0.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1d8098d64c04ddbe73311117ec201590282bd4d5ee95c185c294d014c6f6ad0.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1316-132-0x0000000000000000-mapping.dmp