Analysis
-
max time kernel
28s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
24-11-2022 07:32
General
-
Target
81c2eee5021f9bd2eacd565ce2fd2036f73896c30c9f05d2c0158e8cc6fcd68b.dll
-
Size
105KB
-
MD5
009786c930c56921c500d1d6ca1c47ef
-
SHA1
b3fedb32e8c6d44337bc2326409fe8db590a70b5
-
SHA256
81c2eee5021f9bd2eacd565ce2fd2036f73896c30c9f05d2c0158e8cc6fcd68b
-
SHA512
912fed66a7c21ec067a300204876fbb871efa17082fdf96e1de17852efab5458cacbe8e8da3eed6938ba9b162ec1f1c886a130df251cdd13f2c0f7d8a49b4b4a
-
SSDEEP
3072:GmwAu62lep2pdokh2uex6EcKXGTVz7Zm3rF:dbuTJdNo8EcKXGTVz7ZA
Score
5/10
Malware Config
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\81c2eee5021f9bd2eacd565ce2fd2036f73896c30c9f05d2c0158e8cc6fcd68b.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\81c2eee5021f9bd2eacd565ce2fd2036f73896c30c9f05d2c0158e8cc6fcd68b.dll,#12⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1240-54-0x0000000000000000-mapping.dmp
-
memory/1240-55-0x0000000075001000-0x0000000075003000-memory.dmpFilesize
8KB
-
memory/1240-56-0x0000000074510000-0x0000000074533000-memory.dmpFilesize
140KB
-
memory/1240-57-0x00000000744E0000-0x0000000074503000-memory.dmpFilesize
140KB
-
memory/1240-58-0x0000000074510000-0x0000000074533000-memory.dmpFilesize
140KB