Analysis
-
max time kernel
74s
-
max time network
153s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220901-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
-
submitted
23-11-2022 23:21
Behavioral task
behavioral1
Sample
0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll
Resource
win10v2004-20220901-en
General
-
Target
0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll
-
Size
170KB
-
MD5
44f16435d573f1df05091576f434d5e0
-
SHA1
2801909c1b907d2f7d70ff67cdf04246236e4eba
-
SHA256
0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900
-
SHA512
d74c7e0a553a19ceb4df8486dc7ee1e8400cba5de64bcdb93a89328b9956aa0d8ebd2b43fcebd4319f98f3ddde1e802e8ae5ad899ba45fa3340ea551d8903aa8
-
SSDEEP
3072:UTtvejdXwDj5cciTeLOjRrJyRQFmHftiqibIojqlfI1+EWvqj:C2XPbGO1JSIwftiqisoelfVa
Malware Config
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
pid 1960, process rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description: PID 3720 wrote to memory of 1960, pid 3720, process rundll32.exe, target process rundll32.exe
description: PID 3720 wrote to memory of 1960, pid 3720, process rundll32.exe, target process rundll32.exe
description: PID 3720 wrote to memory of 1960, pid 3720, process rundll32.exe, target process rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll,#1
- Suspicious use of WriteProcessMemory
PID:3720
-
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll,#1
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1960
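The process tree above is the pattern worth hunting for in endpoint telemetry: the 64-bit rundll32.exe (PID 3720) is given a DLL from the user's Temp directory and told to call its export by ordinal (`,#1`); it re-launches the SysWOW64 copy of rundll32.exe (PID 1960) with the same command line, which is what rundll32 does when the DLL turns out to be 32-bit; the three 3720 to 1960 memory writes are parent-to-child writes of the kind CreateProcess itself performs, so on their own they carry little weight; and the only signal attributable to the DLL's own code is the ThreadHideFromDebugger call in the child, PID 1960, where the DLL actually runs. The Python below is an added example, not part of the sandbox report or the sample: it encodes those observations as hunt rules and runs them over event records constructed by hand from the Processes and Signatures sections above. The record field names (pid, ppid, image, cmdline, hide_from_debugger) are assumed Sysmon-style names, not a sandbox export format.

```python
"""Hunt rules for the rundll32 -> rundll32 pattern shown in the report above.

Added example, not from the sandbox report. The event records below are
constructed by hand from the report's Processes and Signatures sections;
field names are assumed Sysmon-style names, not an export format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll")


@dataclass
class Process:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    hide_from_debugger: bool = False  # NtSetInformationThread(ThreadHideFromDebugger) seen


@dataclass
class MemoryWrite:
    source_pid: int
    target_pid: int


# Constructed from the report: 3720 (x64 host) spawns 1960 (WOW64 host) with the same DLL.
PROCESSES = [
    Process(3720, None, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE},#1"),
    Process(1960, 3720, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE},#1",
            hide_from_debugger=True),
]
# The report lists the 3720 -> 1960 write three times.
WRITES = [MemoryWrite(3720, 1960) for _ in range(3)]

RUNDLL_RE = re.compile(r"rundll32(\.exe)?\s+(?P<dll>\S+?),(?P<entry>#?\w+)", re.IGNORECASE)
# Lower-cased path fragments an unprivileged user can write to (assumed list).
USER_WRITABLE = (r"\appdata\local\temp", r"\users\public", r"\programdata")


def rundll_target(cmdline: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, entry_point) from a rundll32 command line, or None."""
    m = RUNDLL_RE.search(cmdline)
    return (m.group("dll"), m.group("entry")) if m else None


def findings(processes: List[Process], writes: List[MemoryWrite]) -> Dict[int, List[str]]:
    """Return {pid: [reasons]} for every process that trips a hunt rule."""
    by_pid = {p.pid: p for p in processes}
    out: Dict[int, List[str]] = {}

    def flag(pid: int, why: str) -> None:
        out.setdefault(pid, []).append(why)

    for p in processes:
        tgt = rundll_target(p.cmdline)
        if tgt:
            dll, entry = tgt
            if any(w in dll.lower() for w in USER_WRITABLE):
                flag(p.pid, f"rundll32 loads DLL from user-writable path: {dll}")
            if entry.startswith("#"):
                flag(p.pid, f"rundll32 export called by ordinal {entry} (no symbol name)")
            parent = by_pid.get(p.ppid) if p.ppid is not None else None
            # Same DLL, different rundll32 image: x64 host handing off to the WOW64 host.
            if parent and rundll_target(parent.cmdline) == tgt \
                    and parent.image.lower() != p.image.lower():
                flag(p.pid, f"rundll32 re-hosted from {parent.image} to {p.image} "
                            "with the same DLL (x86 DLL loaded on x64)")
        if p.hide_from_debugger:
            flag(p.pid, "thread hidden from debugger (NtSetInformationThread ThreadHideFromDebugger)")

    # Cross-process writes: a parent writing into its own child happens at process
    # start-up, so report it at low weight; writes into unrelated processes are the
    # injection case worth escalating.
    counts: Dict[Tuple[int, int], int] = {}
    for w in writes:
        key = (w.source_pid, w.target_pid)
        counts[key] = counts.get(key, 0) + 1
    for (src, dst), n in counts.items():
        child = by_pid.get(dst)
        if child is not None and child.ppid == src:
            flag(src, f"{n} write(s) into own child {dst} (consistent with process start-up, low weight)")
        else:
            flag(src, f"{n} write(s) into unrelated process {dst} (possible injection)")
    return out


if __name__ == "__main__":
    for pid, reasons in sorted(findings(PROCESSES, WRITES).items()):
        print(pid)
        for r in reasons:
            print("  -", r)
```

Run stand-alone it prints the rule hits per PID; the anti-debug and re-hosting hits land on 1960 and only the low-weight parent-to-child writes land on 3720, which is the triage outcome the report's tree supports.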
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1960-132-0x0000000000000000-mapping.dmp