Analysis
max time kernel: 30s
max time network: 31s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 17:11
Static task: static1
Behavioral task: behavioral1
  Sample: 7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll
  Resource: win10v2004-20221111-en
General
Target: 7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll
Size: 159KB
MD5: 35bc6ead6a1c06bd243e293f855ed848
SHA1: 55a01a73388d4396536e74376b4fd1681920a9a8
SHA256: 7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b
SHA512: 9250c90bd63df938796065e82310e8cdeea6d7f6b375cd679fbd431cdedd670535565f17c7d30b6ac7d09e11ebf77953d5fa7c98af1791342bd0d1193c8a2d09
SSDEEP: 3072:pG6Y+kD84LYxXJ7weAn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:Rhy0C2ckJ4f+iBRjv
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                          pid   process       target process
PID 1616 wrote to memory of 1664     1616  rundll32.exe  rundll32.exe
PID 1616 wrote to memory of 1664     1616  rundll32.exe  rundll32.exe
PID 1616 wrote to memory of 1664     1616  rundll32.exe  rundll32.exe
PID 1616 wrote to memory of 1664     1616  rundll32.exe  rundll32.exe
PID 1616 wrote to memory of 1664     1616  rundll32.exe  rundll32.exe
PID 1616 wrote to memory of 1664     1616  rundll32.exe  rundll32.exe
PID 1616 wrote to memory of 1664     1616  rundll32.exe  rundll32.exe

All seven writes go from one rundll32.exe (PID 1616) into one other rundll32.exe (PID 1664). In the process tree below the signature is attached to the System32 (64-bit) rundll32, whose only child is the SysWOW64 (32-bit) rundll32; a 64-bit rundll32 handed a 32-bit DLL re-launches the SysWOW64 copy with the same command line and writes into that child while setting it up, so this pattern is consistent with an ordinary parent-to-child launch and does not by itself show injection into an unrelated process. PID 1664 is also the process whose memory is dumped under Downloads.
Processes
1  C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll,#1
   signatures: Suspicious use of WriteProcessMemory
   2  C:\Windows\SysWOW64\rundll32.exe (child of 1)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ff90b92b395de18aa89d653bb97ebc694e1d552f34763fa70a0bc8de5fe959b.dll,#1

The ",#1" suffix tells rundll32.exe to call the DLL export with ordinal 1; the child inherits the parent's command line unchanged.
Network
MITRE ATT&CK Matrix
Downloads
All dumps are from PID 1664, the SysWOW64 rundll32.exe child:

memory/1664-54-0x0000000000000000-mapping.dmp
memory/1664-55-0x0000000075C81000-0x0000000075C83000-memory.dmp   Filesize 8KB
memory/1664-56-0x0000000010000000-0x0000000010023000-memory.dmp   Filesize 140KB
memory/1664-57-0x0000000010000000-0x0000000010023000-memory.dmp   Filesize 140KB
memory/1664-58-0x0000000040960000-0x0000000040971000-memory.dmp   Filesize 68KB

Each Filesize matches the address range in the dump name (0x2000, 0x23000, 0x23000 and 0x11000 bytes). Dumps 56 and 57 cover the same 0x10000000-0x10023000 range at two points in time. 0x10000000 is the default image base for 32-bit DLLs, so a region of that size at that address in a 32-bit process is where a DLL mapped at its preferred base would sit; the report itself does not identify the region's contents, so treat that as an inference to confirm by inspecting the dump.
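The two machine-readable parts of this report, the WriteProcessMemory IoC rows under Signatures and the dump names under Downloads, are easy to mis-read once the layout is flattened. The script below is an added example written for this page, not part of the sandbox report or its tooling: it parses both formats from constructed copies of the report's own lines, collapses the repeated IoC rows into a single parent-to-child edge, cross-checks each dump's address range against the Filesize printed beside it, and flags dumps that start at the default 32-bit DLL image base. The regular expressions, class and function names are mine and assume the naming scheme visible above (memory/<pid>-<seq>-0x<start>[-0x<end>]-<kind>.dmp).

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed input: the seven "Suspicious use of WriteProcessMemory" rows from the
# report above, one per line (the flattened table splits cleanly on "PID").
IOC_TEXT = "\n".join(
    ["PID 1616 wrote to memory of 1664 1616 rundll32.exe rundll32.exe"] * 7
)

# Constructed input: the dump names listed under Downloads, paired with the
# Filesize the report prints beside each (None where it prints none).
DUMP_LINES = [
    ("memory/1664-54-0x0000000000000000-mapping.dmp", None),
    ("memory/1664-55-0x0000000075C81000-0x0000000075C83000-memory.dmp", "8KB"),
    ("memory/1664-56-0x0000000010000000-0x0000000010023000-memory.dmp", "140KB"),
    ("memory/1664-57-0x0000000010000000-0x0000000010023000-memory.dmp", "140KB"),
    ("memory/1664-58-0x0000000040960000-0x0000000040971000-memory.dmp", "68KB"),
]

# Row layout: description, pid, process, target process. The description repeats
# the source PID, so the back-reference (?P=src) rejects rows whose columns disagree.
IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)$"
)

# Assumed dump naming scheme: memory/<pid>-<seq>-0x<start>[-0x<end>]-<mapping|memory>.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?P<kind>mapping|memory)\.dmp$"
)

DEFAULT_DLL_BASE = 0x10000000  # linker default image base for 32-bit DLLs


def parse_write_events(text: str):
    """Return (src_pid, dst_pid, src_image, dst_image) for every IoC row."""
    events = []
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if m:
            events.append((int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]))
    return events


def summarize_writes(events):
    """Collapse rows to {(src_pid, dst_pid): count}. One parent writing repeatedly
    into one child is the shape of a normal process launch; writes fanning out to
    several unrelated PIDs would be the shape worth escalating."""
    return Counter((s, d) for s, d, _, _ in events)


@dataclass
class Dump:
    pid: int
    seq: int
    start: int
    end: Optional[int]
    kind: str

    @property
    def size(self) -> Optional[int]:
        """Region size in bytes, or None for a mapping dump with no end address."""
        return None if self.end is None else self.end - self.start


def parse_dump_name(name: str) -> Dump:
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    end = int(m["end"], 16) if m["end"] else None
    return Dump(int(m["pid"]), int(m["seq"]), int(m["start"], 16), end, m["kind"])


def kb_label(nbytes: int) -> str:
    """Whole-KB label in the report's style (0x23000 bytes -> '140KB')."""
    return f"{nbytes // 1024}KB"


def check_dump_sizes(lines):
    """Cross-check each dump's address range against the reported Filesize.
    Returns (name, computed_label, reported_label, ok) per dump; a mapping dump
    with no end address is ok only if the report also gives it no size."""
    results = []
    for name, reported in lines:
        d = parse_dump_name(name)
        computed = None if d.size is None else kb_label(d.size)
        results.append((name, computed, reported, computed == reported))
    return results


def at_default_dll_base(d: Dump) -> bool:
    """True when the dump starts at the default 32-bit DLL image base, where a
    DLL that was not relocated at load would be mapped."""
    return d.start == DEFAULT_DLL_BASE


if __name__ == "__main__":
    print(summarize_writes(parse_write_events(IOC_TEXT)))
    for name, computed, reported, ok in check_dump_sizes(DUMP_LINES):
        print(f"{'ok ' if ok else 'BAD'} {name} computed={computed} reported={reported}")
```

Run against the lines above, the IoC rows reduce to a single (1616, 1664) edge with a count of 7, every Filesize agrees with its address range, and dumps 56 and 57 are the ones flagged at 0x10000000. The same check is worth running on any report whose table layout has been flattened, since a size that does not match its range usually means a dump name or column was split in the wrong place.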