Overview

overview

3

Static

static

258a9a4518...81.dll

windows7-x64

1

258a9a4518...81.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    18s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 18:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    258a9a45189300657c9d7ae4bfa19381b1a8afb262c9c93554ef53f2a1af9281.dll

  • Size

    172KB

  • MD5

    3598e834525fb8996e3107a13eeb129b

  • SHA1

    75861055d90861e1182ca22aa3a306f1fcaa8439

  • SHA256

    258a9a45189300657c9d7ae4bfa19381b1a8afb262c9c93554ef53f2a1af9281

  • SHA512

    2b85351ecc1aa449b53c727da3f9fb0aa71d40efb9bc4f55b8aa0e6b308f489771378dd681181f6f0222655e65725a1c252c60a5ef3988da527368ea3dc54efc

  • SSDEEP

    3072:TUj9pz1thi8FgocXWj0VOpb565oXEfF2Kpfu+ni7rsaImVDYdVw4:wbYhocXWjYk5H0YArYgp/

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\258a9a45189300657c9d7ae4bfa19381b1a8afb262c9c93554ef53f2a1af9281.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:336
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\258a9a45189300657c9d7ae4bfa19381b1a8afb262c9c93554ef53f2a1af9281.dll,#1
      2⤵
        PID:1120

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1120-54-0x0000000000000000-mapping.dmp

      Download

    • memory/1120-55-0x0000000076B51000-0x0000000076B53000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1120-56-0x00000000001D0000-0x00000000001F3000-memory.dmp

      Filesize

      140KB

      Download

    • memory/1120-57-0x0000000010000000-0x000000001005B000-memory.dmp

      Filesize

      364KB

      Download