Analysis

  • max time kernel
    174s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-11-2022 22:18

General

  • Target

    autocopy/diskcopy.dll

  • Size

    36KB

  • MD5

    17d46b1daebb0db9c0905bc5270ff36b

  • SHA1

    830df71f43ac6d213557592313d980d32d83b5be

  • SHA256

    2f77e94fc834a2fffa1f7f9ebf72a0ef8913b361b1d2abbe85cbe323bfb26c3a

  • SHA512

    adaf390e7b9559058b4e552ebb38c2283e69c5f79c75561aca31476baf9849228cd6a7d83cb16dd89f1bf16999b6c6fd3ba9fa5262e20a2d7d38974f7b60817d

  • SSDEEP

    384:Q0OuGRgTNHhFJRmlMPNynvRyhKHHEoZo94heI3:ouAgTNBxknJhHHdZo92

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\autocopy\diskcopy.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\autocopy\diskcopy.dll,#1
      2⤵
        PID:4540

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/4540-132-0x0000000000000000-mapping.dmp