Analysis
-
max time kernel
145s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
23-11-2022 12:46
Static task
static1
Behavioral task
behavioral1
Sample
ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442.dll
Resource
win10v2004-20220812-en
General
-
Target
ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442.dll
-
Size
395KB
-
MD5
7c87f462348731706f4d7f283f996620
-
SHA1
c13fda3d65318b669c1e6eab738df1d61ec84517
-
SHA256
ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442
-
SHA512
68cb341510bd3590b88af02ce107f4650812ed5fd6215279edb2a6e10373af02015d10d3899beb2b9908354f528bb03e49566c8e8e04261c4a0ce6a11f78ee83
-
SSDEEP
6144:GjCNcMDIoSyTG1LzSTFI1ub50l2GWXID0caDUa2BfFdLhxiYu68uq+XW9lODn:L0L4G5zWmAGYW3fF1ziYu2q+GXm
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4824 wrote to memory of 5008 | 4824 | rundll32.exe | rundll32.exe
PID 4824 wrote to memory of 5008 | 4824 | rundll32.exe | rundll32.exe
PID 4824 wrote to memory of 5008 | 4824 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed78a3006281aa03b57c72baf76b32fe37a2038e5993d42221ec1ff4d3acf442.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/5008-133-0x0000000000000000-mapping.dmp