Overview

overview

8

Static

static

030aedf498...76.dll

windows7-x64

8

030aedf498...76.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    137s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll

  • Size

    489KB

  • MD5

    1aea9113ae5e60e3f5494d4e34fb113d

  • SHA1

    d6512ec1ed1b046256a2d1d45c1c61e1d6c96140

  • SHA256

    f524cdc6225f17080cbfef59486da73a75a3eb5814e12fae029e7b53418f18df

  • SHA512

    ba1839206ecfd1e1ce8e676cfaad58d077eb91059bb683fab60e70e8a11a064c19eb70f9b7164d0b2f5fd4848e72eb5c17c6bad9d939fe649af5cf2ff07c589b

  • SSDEEP

    6144:ayIyWeddvZz2Kxn2ZJUa5Vmp9GGlyxHb4Ja/U:7vdVR9Ha52G+qHb4E/U

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2824-132-0x0000000000000000-mapping.dmp
    Download
  • memory/2824-133-0x0000000002730000-0x0000000002737000-memory.dmp
    Filesize

    28KB

    Download