Analysis

  • max time kernel
    155s
  • max time network
    214s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 19:36

General

  • Target

    MirServer/Mir200/IPLocal.dll

  • Size

    167KB

  • MD5

    bbf62130e7a5966a2b7b89411ad335c8

  • SHA1

    9f6a0af9525cc6b6df479d3d511e06200571c1b5

  • SHA256

    da61a728a96293d8d99db31d3843a68c3788fca93f630219adfab0e0132dde44

  • SHA512

    52baf478f0dab1bb13e03b6ae47ea48b0cc329a35569cd78473e8c5eeefe0d6474b7ad720cbf90664fd140c9c76dcfdd92bcddee11c8b9c2488b5c114d7babf2

  • SSDEEP

    3072:vqu/oVRpW3b2OQLOhRy7kCmRHnhAQPukkGfeDN/z2HS79BKyJcC:v1o3Ab2VLOhAehhN9vexb2HS79gyK

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\MirServer\Mir200\IPLocal.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4220
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\MirServer\Mir200\IPLocal.dll,#1
      2⤵
        PID:2160

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2160-132-0x0000000000000000-mapping.dmp