Analysis
max time kernel: 41s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 19:02
Static task: static1
Behavioral task: behavioral1
Sample: 1c7bf208aba566dbee259bc43ed32765cc6eacd4b0e8fd1402a548ce0d9b0287.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1c7bf208aba566dbee259bc43ed32765cc6eacd4b0e8fd1402a548ce0d9b0287.dll
Resource: win10v2004-20220812-en
General
Target: 1c7bf208aba566dbee259bc43ed32765cc6eacd4b0e8fd1402a548ce0d9b0287.dll
Size: 274KB
MD5: 1a3650b8567d5ebe8eb8b26c16c50067
SHA1: b44b2729b4833f158c25c938c5685b44d2b95338
SHA256: 1c7bf208aba566dbee259bc43ed32765cc6eacd4b0e8fd1402a548ce0d9b0287
SHA512: a47fb2529b5460ddf5814d81078ecf526a9b9535442f26a36f994a9e7e15d5515cb0fbefc06e896f60980ea37d9f168edfa1c4dd06fa356d21ead5d3267f13f6
SSDEEP: 6144:vOSjIXo9jPDv5eisvDs8W7s9ZuJrUO//oOqzTzlUK/zNFe5kQn:2549zDUis7s8W7GYAOqWAMiQ
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes (description / pid / process / target process):
PID 2036 wrote to memory of 1852 / 2036 / rundll32.exe / rundll32.exe
(this identical row is reported 7 times, one per IoC)
Processes
[1] C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c7bf208aba566dbee259bc43ed32765cc6eacd4b0e8fd1402a548ce0d9b0287.dll,#1
    signature: Suspicious use of WriteProcessMemory
    [2] C:\Windows\SysWOW64\rundll32.exe (child of [1])
        command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c7bf208aba566dbee259bc43ed32765cc6eacd4b0e8fd1402a548ce0d9b0287.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
memory/1852-54-0x0000000000000000-mapping.dmp
memory/1852-55-0x0000000075521000-0x0000000075523000-memory.dmp (Filesize: 8KB)
memory/1852-57-0x00000000736D1000-0x000000007370F000-memory.dmp (Filesize: 248KB)
memory/1852-56-0x00000000736D0000-0x000000007371C000-memory.dmp (Filesize: 304KB)
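Added worked example (not part of the sandbox report, and not the sandbox's own signature logic): the process tree, the seven WriteProcessMemory IoCs and the memory-dump names above, re-encoded as constructed Python data, with the checks an analyst would run over them. Two points the report leaves implicit. First, the writer here is the 64-bit rundll32.exe from system32 and the target is the SysWOW64 rundll32.exe it just spawned; on x64 Windows that is the normal WOW64 hand-off when a 32-bit DLL is passed to the 64-bit rundll32, so the parent-to-child writes are expected process-creation behaviour and the stronger indicator is the command line itself (a DLL under the user's Temp directory, invoked by export ordinal #1). Second, the 0x736D0000-0x7371C000 region (304KB) is the smallest dumped range that can hold the 274KB on-disk file, which is where to look for the mapped image. Function names, the "reasons" labels and the helper layout are my own assumptions.

```python
"""Constructed re-encoding of the report's Processes, Signatures and
Downloads sections (values copied from the report; structure is assumed)."""
import re
from collections import Counter

# Process launches under "Processes" (depth = tree level shown in the report).
PROCESSES = [
    {"pid": 2036, "depth": 1, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c7bf208aba566dbee259bc43ed32765cc6eacd4b0e8fd1402a548ce0d9b0287.dll,#1"},
    {"pid": 1852, "depth": 2, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c7bf208aba566dbee259bc43ed32765cc6eacd4b0e8fd1402a548ce0d9b0287.dll,#1"},
]

# The seven "wrote to memory of" IoCs, flattened to (source pid, target pid).
WPM_EVENTS = [(2036, 1852)] * 7

# Dump names from "Downloads" with the Filesize the report lists, in KB.
MEMORY_DUMPS = [
    ("memory/1852-55-0x0000000075521000-0x0000000075523000-memory.dmp", 8),
    ("memory/1852-57-0x00000000736D1000-0x000000007370F000-memory.dmp", 248),
    ("memory/1852-56-0x00000000736D0000-0x000000007371C000-memory.dmp", 304),
]

# rundll32 <dll>,<export>; export is either a name or an ordinal like #1.
RUNDLL_RE = re.compile(r"rundll32\.exe\s+(?P<dll>\S+?),(?P<export>#\d+|\w+)", re.I)


def suspicious_rundll32(proc):
    """Reasons (assumed labels) a rundll32 launch deserves a look; [] if none."""
    m = RUNDLL_RE.search(proc["cmdline"])
    if not m:
        return []
    reasons = []
    dll, export = m.group("dll"), m.group("export")
    if re.search(r"\\AppData\\Local\\Temp\\", dll, re.I):
        reasons.append("dll-in-user-temp")
    if export.startswith("#"):
        reasons.append("export-by-ordinal")
    return reasons


def cross_arch_children(procs, events):
    """(parent, child, count) where a system32 rundll32 writes into a SysWOW64
    rundll32. On x64 Windows this is the WOW64 hand-off for a 32-bit DLL, so it
    is expected here; the check exists to separate it from writes into an
    unrelated process, which would be the injection case."""
    by_pid = {p["pid"]: p for p in procs}
    out = []
    for (src, dst), n in Counter(events).items():
        s, d = by_pid.get(src), by_pid.get(dst)
        if s and d and "system32" in s["image"].lower() and "syswow64" in d["image"].lower():
            out.append((src, dst, n))
    return out


DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp")


def region_kb(name):
    """Size in KB of the address range encoded in a dump name, or None."""
    m = DUMP_RE.search(name)
    if not m:
        return None
    return (int(m["end"], 16) - int(m["start"], 16)) // 1024


def check_dump_sizes(dumps):
    """True when every listed Filesize matches the range in the dump name."""
    return all(region_kb(n) == kb for n, kb in dumps)


def image_region(dumps, disk_size_kb):
    """Smallest dumped range at least as large as the on-disk file: SizeOfImage
    is never smaller than the file, so this is the candidate for the mapped DLL."""
    cands = [(region_kb(n), n) for n, _ in dumps]
    cands = [(kb, n) for kb, n in cands if kb is not None and kb >= disk_size_kb]
    return min(cands)[1] if cands else None


if __name__ == "__main__":
    for p in PROCESSES:
        print(p["pid"], suspicious_rundll32(p))
    print(cross_arch_children(PROCESSES, WPM_EVENTS))
    print(check_dump_sizes(MEMORY_DUMPS))
    print(image_region(MEMORY_DUMPS, 274))
```

Run it as-is to see the two rundll32 launches flagged for the Temp-path DLL and ordinal export, the 2036 -> 1852 write relation counted seven times, all three dump sizes confirmed against their address ranges, and the 304KB range selected as the likely image mapping for a 274KB file.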