Analysis
-
max time kernel
131s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
19-11-2022 08:56
Static task
static1
Behavioral task
behavioral1
Sample
08b181ad19b68f68cf5f4ca194c7d926d269d6cbe7fe4b7132b9c8704843c3a7.dll
Resource
win7-20220901-en
windows7-x64
2 signatures
150 seconds
General
-
Target
08b181ad19b68f68cf5f4ca194c7d926d269d6cbe7fe4b7132b9c8704843c3a7.dll
-
Size
746KB
-
MD5
07cc0b8a5f5595167b3ff62221770b10
-
SHA1
76fb49e567cbbfa1c6bd9404b64cfb530a9af089
-
SHA256
08b181ad19b68f68cf5f4ca194c7d926d269d6cbe7fe4b7132b9c8704843c3a7
-
SHA512
87ecba8b9332bb96c661c3a70920089123654b23b5900cd8287004c7a1f6db2209f05373889e42d6ba9025cdcb865d025a479ec01879ea7dbc5156549bec1969
-
SSDEEP
6144:jDgtfRQUHPw06MoV2nwTBlhm8zDgtfRQUHPw06MoV2nwTBlhm8T:jDgN6MoIwT3vDgN6MoIwT33
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 2220 wrote to memory of 2360 2220 rundll32.exe rundll32.exe PID 2220 wrote to memory of 2360 2220 rundll32.exe rundll32.exe PID 2220 wrote to memory of 2360 2220 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\08b181ad19b68f68cf5f4ca194c7d926d269d6cbe7fe4b7132b9c8704843c3a7.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\08b181ad19b68f68cf5f4ca194c7d926d269d6cbe7fe4b7132b9c8704843c3a7.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2360-132-0x0000000000000000-mapping.dmp