Overview

overview

9

Static

static

9

38b4da3652...9d.dll

windows7-x64

1

38b4da3652...9d.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    170s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 07:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d.dll

  • Size

    75KB

  • MD5

    9c4880b8dde58813119b372618ee1197

  • SHA1

    ed2a77021080faa00c1ca86b99955dc2e38bfe09

  • SHA256

    38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d

  • SHA512

    a4a8510dad0a92a9491f78fd56666a174c3cc32f331082049882cfcc20a4dae99ea956c544711320558de9433fbcc8f4a55997c3df37da76ca3268e5ed29fea8

  • SSDEEP

    1536:9Owg6BqOQPxFn+4CF45a02ng1Qw0Z74vps4KF+MkLtPR2oNK:9Hu5FnOF45eg13DKILtPR2oNK

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3484
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d.dll,#1
      2⤵
        PID:4496

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4496-132-0x0000000000000000-mapping.dmp

      Download

    • memory/4496-133-0x0000000010000000-0x0000000010032000-memory.dmp

      Filesize

      200KB

      Download