Analysis
max time kernel: 191s
max time network: 204s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted: 23-11-2022 11:06
Static task
static1
Behavioral task
behavioral1
Sample
3dc80b0511260f6e13d5f5dca7ab74560f0e4f6799ae92e7cdbd7c2c2755b7e6.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
3dc80b0511260f6e13d5f5dca7ab74560f0e4f6799ae92e7cdbd7c2c2755b7e6.dll
Resource
win10v2004-20221111-en
General
Target: 3dc80b0511260f6e13d5f5dca7ab74560f0e4f6799ae92e7cdbd7c2c2755b7e6.dll
Size: 206KB
MD5: b0e8affde449f2ab47a76e0f2f5549a6
SHA1: e95f2aaed68ca3cb90864c8e13ded8424857624a
SHA256: 3dc80b0511260f6e13d5f5dca7ab74560f0e4f6799ae92e7cdbd7c2c2755b7e6
SHA512: 90444493bd5cf74bd4f1639bd1895003905c8841fb60c36e831b0eeb71a10a117d0dd2bccd4917aadfd6fe556fe5b15edcb655e5db4221229fc06636b20cbe78
SSDEEP: 3072:q/7T17mNOd9vhJ6gj82BJ8oSIPxwXQrAkDD3gQTNO2qUTgkIRO2+9zHnRBjIm93f:q/7FmsdIKlJPxwx+wGDqYrIRB+9zb
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1104 wrote to memory of 4104 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 4104 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 4104 | 1104 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dc80b0511260f6e13d5f5dca7ab74560f0e4f6799ae92e7cdbd7c2c2755b7e6.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dc80b0511260f6e13d5f5dca7ab74560f0e4f6799ae92e7cdbd7c2c2755b7e6.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
memory/4104-132-0x0000000000000000-mapping.dmp