Analysis
- max time kernel: 179s
- max time network: 188s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-11-2022 04:06
Static task
static1
Behavioral task
behavioral1
Sample
318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll
Resource
win10v2004-20221111-en
General
- Target: 318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll
- Size: 92KB
- MD5: 0eb8fc81bf46bc4335590cc55ac48d61
- SHA1: 15c6500c0a25ef1bb49a38a2df933d89760b4a9b
- SHA256: 318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381
- SHA512: 0edfd5047dbdc697abd5cc9d4c1d1be1b5de76f020db46ec1862eb07e3008ff6a4fa515580cac6d8dbb2bcfd493c35a5945f377ea2d52db4730126f905856101
- SSDEEP: 1536:yey7v0e15WPnM2tJjK2SCE58ecuuGsFZD6QXHhAk/tDLeV:yeyr/15eVKbCEBuGsFZDzXBAk/tDLeV
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3104 wrote to memory of 3056 | 3104 | rundll32.exe | rundll32.exe
  PID 3104 wrote to memory of 3056 | 3104 | rundll32.exe | rundll32.exe
  PID 3104 wrote to memory of 3056 | 3104 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/3056-132-0x0000000000000000-mapping.dmp