Analysis
max time kernel: 175s
max time network: 213s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-11-2022 11:19
Behavioral task
behavioral1
Sample
2a6f9a095ecd97783727b0097e33961315ff90fd49b21404c4312e549b2fa821.dll
Resource
win7-20220901-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2a6f9a095ecd97783727b0097e33961315ff90fd49b21404c4312e549b2fa821.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 2a6f9a095ecd97783727b0097e33961315ff90fd49b21404c4312e549b2fa821.dll
Size: 143KB
MD5: 76bf3e46049e4821d8352c89ffa55a06
SHA1: d0cea01177b743d8fe8241ea2afe256ce415a9cd
SHA256: 2a6f9a095ecd97783727b0097e33961315ff90fd49b21404c4312e549b2fa821
SHA512: a5df9ea3b0d75e3b0bf292439ba945c33095ba2fa7799d4d91f1b25c51f5d3f94740d1909fcb7dc1da278ea0e06e76937d461c9586195614e0bd4f0dee58e21a
SSDEEP: 3072:hWQhO8LQCEPY9UXCnx/JlOZ7TpFPE/UkKyjLoowQXID:hWiLXkZCng+vjlwQXY
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 5080 wrote to memory of 1900 | 5080 | rundll32.exe | rundll32.exe
PID 5080 wrote to memory of 1900 | 5080 | rundll32.exe | rundll32.exe
PID 5080 wrote to memory of 1900 | 5080 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a6f9a095ecd97783727b0097e33961315ff90fd49b21404c4312e549b2fa821.dll,#11⤵
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a6f9a095ecd97783727b0097e33961315ff90fd49b21404c4312e549b2fa821.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/1900-132-0x0000000000000000-mapping.dmp