41120e3a67adf60660a944f4407a4e55e2913c7d4e46710653675e3ad20cf64c | Triage

Analysis

max time kernel
224s
max time network
333s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 09:19

Sharing

Report Analysis Logs

General

Target

sky net for W3/streamreader.dll
Size

48KB
MD5

7c9b31edce810534796697146e103222
SHA1

e17e66f26d6840007c2355acfde8fae1d54f4f59
SHA256

c17cb58958d93b9aeef624e17527e0f59715c742be173b45c094ad6f9bdeb868
SHA512

9e8e3c661daf10d3d9ed5fe3a94b78cca32e29bf4c8e82423e2daf93b757973727726bc102c48c4b7ff729d3d7a73f60943c3674b256ea5f7965b2a934575b0b
SSDEEP

768:5tJUFk1YUoKnFmy1Lo3iM74/9FOrYDACzd2cI:nJUmJoKnFmy1L2iJ7DACBV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 1472	544	rundll32.exe	28
PID 544 wrote to memory of 1472	544	rundll32.exe	28
PID 544 wrote to memory of 1472	544	rundll32.exe	28
PID 544 wrote to memory of 1472	544	rundll32.exe	28
PID 544 wrote to memory of 1472	544	rundll32.exe	28
PID 544 wrote to memory of 1472	544	rundll32.exe	28
PID 544 wrote to memory of 1472	544	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sky net for W3\streamreader.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sky net for W3\streamreader.dll",#1
  2⤵
  PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1472-55-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download