Analysis
-
max time kernel
117s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system -
submitted
23-11-2022 23:44
Static task
static1
Behavioral task
behavioral1
Sample
14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c.dll
Resource
win10v2004-20220901-en
General
-
Target
14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c.dll
-
Size
287KB
-
MD5
4229afc39bf9aa81526a270a3c8ee7f1
-
SHA1
dd04a8e9e9fc03ff31fc059c8b4350166586eabe
-
SHA256
14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c
-
SHA512
7227b26de1621132e09a1f9ffa4bf8dfdf1d50737c23f5825587013b94a4dd2ea990c7283c56236cb44a9b5e9dbc141507e138f15414132adc8ad30698dbf3a6
-
SSDEEP
3072:F0+LyPPPvvcSRYun5wGUacVrmR6kIJKYrAjH/ltU9mZdyEWgwxAOTwEhZZ/jPqD0:DLyXtSun5E/jtPuhWgQ/LXjiUQCUB
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3108 wrote to memory of 2564 | 3108 | rundll32.exe | rundll32.exe
PID 3108 wrote to memory of 2564 | 3108 | rundll32.exe | rundll32.exe
PID 3108 wrote to memory of 2564 | 3108 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2564-132-0x0000000000000000-mapping.dmp