f25a780095730701efac67e9d5b84bc289afea56d96d8aff8a44af69ae606404 | Triage

Resubmissions

25-11-2022 06:39

221125-hesw7acb7w 1

25-11-2022 03:02

221125-djpccabb6z 1

Analysis

max time kernel
951s
max time network
955s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 06:39

Sharing

Report Analysis Logs

General

Target

ooiwy.dll
Size

316KB
MD5

4e4ae70b6346eae111e31716dc76bc23
SHA1

1e7b9af799048e4112d2468323c5c147e20558f9
SHA256

f25a780095730701efac67e9d5b84bc289afea56d96d8aff8a44af69ae606404
SHA512

c6fe39e0d40ef150017d85719d4b4096244e58bd2384e420370302229d816e212658151fcf22bb847f3c16b4da2402a3f8dfc465dba563c5b0572e710018750e
SSDEEP

6144:v39GX5QjsakVCm+3OgNA0VEXf/DQEuOGAG:v65Qu/+egA0VutG

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4884 wrote to memory of 4864	4884	rundll32.exe	rundll32.exe
PID 4884 wrote to memory of 4864	4884	rundll32.exe	rundll32.exe
PID 4884 wrote to memory of 4864	4884	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ooiwy.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4884

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ooiwy.dll,#1
2⤵
PID:4864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4864-132-0x0000000000000000-mapping.dmp

Download