Analysis
max time kernel: 162s
max time network: 188s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-11-2022 06:46
Static task
static1
Behavioral task
behavioral1
Sample
f45a1f9b3ae6388ab45f5fe018ce9e0e0199593cf3ab900509473aa68c9c2c16.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
f45a1f9b3ae6388ab45f5fe018ce9e0e0199593cf3ab900509473aa68c9c2c16.dll
Resource
win10v2004-20221111-en
General
Target: f45a1f9b3ae6388ab45f5fe018ce9e0e0199593cf3ab900509473aa68c9c2c16.dll
Size: 325KB
MD5: 2cd83cc9d9c7ee1d1c4bc806fad389ed
SHA1: c4b3cb6e2bbc93a919ca9d2142a5f1c9ac34e4ee
SHA256: f45a1f9b3ae6388ab45f5fe018ce9e0e0199593cf3ab900509473aa68c9c2c16
SHA512: 5e077a02938482f356b53ae675485b114f37023bb062fa3fb4f1ed247f07486fbb789eca8a11a50b96a8d7146f7123f2fb7f9d825bc9f1c1c25ae2190b0607ba
SSDEEP: 6144:THlDtXOPTY8alysMFDPWzOBSYwIqikSOepPZQl4BWmLbp/fUe:THNxOPM8aKDWgkSOKZxpp3L
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 5052 wrote to memory of 5112 | 5052 | rundll32.exe | rundll32.exe
PID 5052 wrote to memory of 5112 | 5052 | rundll32.exe | rundll32.exe
PID 5052 wrote to memory of 5112 | 5052 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f45a1f9b3ae6388ab45f5fe018ce9e0e0199593cf3ab900509473aa68c9c2c16.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:5052
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f45a1f9b3ae6388ab45f5fe018ce9e0e0199593cf3ab900509473aa68c9c2c16.dll,#12⤵
PID:5112
Network
MITRE ATT&CK Matrix
Downloads
memory/5112-132-0x0000000000000000-mapping.dmp