Analysis

  • max time kernel
    124s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 13:17

General

  • Target

    0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll

  • Size

    505KB

  • MD5

    9169864057eaed7f170c615ec711cb40

  • SHA1

    db9422e6e9681effbf3eaf1fd01c9d3e5cfd5273

  • SHA256

    9503a7c255e4388459ec68063e49e5f6698f664a591c143b16a8cae883d7bddd

  • SHA512

    0077a4946a80c5e3701ffd50263638bba0b24e7f5eb38a8771e5f6c9f6d98d41c862f19431bd9030033e40fbfb7e85a16c40e2c5e7dd08e65151b4cc749cf989

  • SSDEEP

    6144:VCVHWA+UG7KVisYTnad3ZdfZOOJ4bp5pu43vU:VsW5hNTad3NOm4bHc8U

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:1280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1280-54-0x0000000000000000-mapping.dmp

  • memory/1280-55-0x0000000074C41000-0x0000000074C43000-memory.dmp

    Filesize

    8KB

  • memory/1280-56-0x0000000000160000-0x0000000000167000-memory.dmp

    Filesize

    28KB