Analysis
- max time kernel: 32s
- max time network: 70s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 25-11-2022 12:17
Behavioral task: behavioral1
- Sample: 89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384.dll
- Resource: win10v2004-20220812-en
General
- Target: 89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384.dll
- Size: 632KB
- MD5: f1f6cbe5509afe94213157781bf06fd0
- SHA1: 8dfbf3b9a6c9786b57c42dfb1d31c901ae2123bc
- SHA256: 89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384
- SHA512: 073e65a7d0bbe280e19055173f22ea3217384f6a36c2fd95e23e509b3026a6f4d9a1cd5965a18899ac486228b46ac7c8ff83ff5ac001cf6f29a7e730989c748a
- SSDEEP: 12288:VVpIKWJQgeY4Y3TPGp3Ig9E5Okfhuy95qXtIjBRyoknThUrtxksZs+RrWU:VVOKWJyY4YDPSEgG7jBBknThUrtjsQJ
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes:
  flow  pid   process
  3     1360  rundll32.exe
- Processes (yara rule hits):
  resource                                                              yara_rule
  behavioral1/memory/1360-56-0x0000000000A30000-0x0000000000B8F000-memory.dmp  vmprotect
  behavioral1/memory/1360-58-0x0000000000A30000-0x0000000000B8F000-memory.dmp  vmprotect
  behavioral1/memory/1360-59-0x0000000000A30000-0x0000000000B8F000-memory.dmp  vmprotect
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description                   pid   process       target process
  PID 1416 wrote to memory of 1360  1416  rundll32.exe  rundll32.exe
  PID 1416 wrote to memory of 1360  1416  rundll32.exe  rundll32.exe
  PID 1416 wrote to memory of 1360  1416  rundll32.exe  rundll32.exe
  PID 1416 wrote to memory of 1360  1416  rundll32.exe  rundll32.exe
  PID 1416 wrote to memory of 1360  1416  rundll32.exe  rundll32.exe
  PID 1416 wrote to memory of 1360  1416  rundll32.exe  rundll32.exe
  PID 1416 wrote to memory of 1360  1416  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384.dll,#1
    - Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Downloads
- memory/1360-54-0x0000000000000000-mapping.dmp
- memory/1360-55-0x0000000075F01000-0x0000000075F03000-memory.dmp (Filesize: 8KB)
- memory/1360-56-0x0000000000A30000-0x0000000000B8F000-memory.dmp (Filesize: 1.4MB)
- memory/1360-58-0x0000000000A30000-0x0000000000B8F000-memory.dmp (Filesize: 1.4MB)
- memory/1360-59-0x0000000000A30000-0x0000000000B8F000-memory.dmp (Filesize: 1.4MB)