Analysis

  • max time kernel
    151s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2022 22:13

General

  • Target

    e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be.dll

  • Size

    28KB

  • MD5

    b7aad9d964a4e3ca5e2c377e27d4d519

  • SHA1

    aa635b94cdbfdddcfc2b6781470ff00f92ab2077

  • SHA256

    e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be

  • SHA512

    18f6686b05dd112c7663d94f3e8b28a3a20c98ba1320270092ab70f1fdd4a5fb59060d05fb38782f9d692ab182d9e195c2b879df5a64248665b0adf933114545

  • SSDEEP

    192:WhasgJMB4NaFVniTADNqIjC3+spKhqNpiHlgpTy/mpfpTV3:AasHtX8YN9jC3+SKw7Lpu/mpfpR

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e32c8fa9712a8608bccbf9c950c6d2eecbd16a77aa8acda073c5f2087bb320be.dll,#1
      2⤵
        PID:4692

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4692-132-0x0000000000000000-mapping.dmp