Analysis
- max time kernel: 192s
- max time network: 199s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
- submitted: 25-11-2022 19:25
Static task
static1
Behavioral task
behavioral1
Sample
e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll
Resource
win10v2004-20221111-en
General
- Target: e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll
- Size: 463KB
- MD5: 4fcc44f7047a7207004242dfc668eeef
- SHA1: 41634bc2cecc41907b1e8a6499cb5471215e8b21
- SHA256: e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f
- SHA512: 537735a775258941e49400521e8b57af3289a3a8210be4bf059a6f2cf41a6f081d31df86021731283e92ff60bf4254520a57dd9541b261e3ff0293f4fff893a0
- SSDEEP: 6144:bow6oBYWZ8141KE88G2SF3I1bnsKiUjH/aplFwssacHf0NWK3JDejb+smNSlh:D6o6WZ814XNVbsKn4wEcHoWqDejb+b4h
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4568 wrote to memory of 372 | 4568 | rundll32.exe | rundll32.exe
PID 4568 wrote to memory of 372 | 4568 | rundll32.exe | rundll32.exe
PID 4568 wrote to memory of 372 | 4568 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll,#11⤵
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\e7d899736db8a7a3697b7d1b1b9260ef27507f278b070e8051d9a0973454676f.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/372-132-0x0000000000000000-mapping.dmp