Analysis
-
max time kernel
41s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system -
submitted
23-11-2022 18:59
Static task
static1
Behavioral task
behavioral1
Sample
f48b23d0a3cfd8eff1aff4db9a601892327506fab735906869a6fa8f0b729605.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f48b23d0a3cfd8eff1aff4db9a601892327506fab735906869a6fa8f0b729605.dll
Resource
win10v2004-20220901-en
General
-
Target
f48b23d0a3cfd8eff1aff4db9a601892327506fab735906869a6fa8f0b729605.dll
-
Size
652KB
-
MD5
3f94944ad7470233f63bd723f81d6104
-
SHA1
b55b68d3e68e64cadba8202737d3f1e404e3966a
-
SHA256
f48b23d0a3cfd8eff1aff4db9a601892327506fab735906869a6fa8f0b729605
-
SHA512
5712cdd12f08e3bf1d96c92502051298ae1800d3cc2b0defd9ebe02b4a0448b29c927a37efa942c1ebd875d902a61b36fb1eef38e42b05ba35a96bd985e762f2
-
SSDEEP
12288:euYZhMltDoD+OSt+9jajk5RnchUgiW6QR7t553Ooc8NHkC2euBG8fnyAQ:dOhMltDoqvCjajk59g3Ooc8NHkC2eWGB
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 832 wrote to memory of 1204 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1204 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1204 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1204 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1204 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1204 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1204 | 832 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f48b23d0a3cfd8eff1aff4db9a601892327506fab735906869a6fa8f0b729605.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f48b23d0a3cfd8eff1aff4db9a601892327506fab735906869a6fa8f0b729605.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1204-54-0x0000000000000000-mapping.dmp
-
memory/1204-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp
Filesize
8KB
-
memory/1204-56-0x000000007C420000-0x000000007C4C4000-memory.dmp
Filesize
656KB
-
memory/1204-57-0x000000007C420000-0x000000007C4C4000-memory.dmp
Filesize
656KB
-
memory/1204-58-0x000000007C420000-0x000000007C4C4000-memory.dmp
Filesize
656KB