Analysis

max time kernel: 42s
max time network: 47s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 27-11-2022 10:53
Behavioral tasks

behavioral1: sample Wall Hack.dll, resource win7-20220901-en
behavioral2: sample Wall Hack.dll, resource win10v2004-20221111-en
behavioral3: sample x1nject.exe, resource win7-20220901-en
behavioral4: sample x1nject.exe, resource win10v2004-20221111-en
General

Target: Wall Hack.dll
Size: 197KB
MD5: bee0a0d87f00d2b4e8125aafa5c35b05
SHA1: 37527f723c138d4500e30e4a5c34ddecf50c5c34
SHA256: 0a5e783e5bb7b812351eb372e324f2f33b5a6f943da0fee718af816e37ce8150
SHA512: b93b40476b79783e95aac3eb2d18b0e8ca6087547235b76056030d5affb707739f3a712ace26ca6a63e96a8ee4383ad2ee70b4ec3fb04d1c8b4298efbac8a69a
SSDEEP: 3072:0gSzAsSZES2L8EH89KZGaUalyAJqO9rIm1EVPk6VXF2N1FFQirgPOlS5ss:0g7TES2XcAZQk6O9rIm1d6VFWs/5s
Malware Config
Signatures
Processes (resource / yara_rule):
behavioral1/memory/1888-56-0x0000000074E60000-0x0000000074EE7000-memory.dmp    vmprotect
behavioral1/memory/1888-62-0x0000000074E60000-0x0000000074EE7000-memory.dmp    vmprotect
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
Processes (pid / process):
1888    rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
Processes (description / pid / process / target process):
PID 956 wrote to memory of 1888    956    rundll32.exe    rundll32.exe
PID 956 wrote to memory of 1888    956    rundll32.exe    rundll32.exe
PID 956 wrote to memory of 1888    956    rundll32.exe    rundll32.exe
PID 956 wrote to memory of 1888    956    rundll32.exe    rundll32.exe
PID 956 wrote to memory of 1888    956    rundll32.exe    rundll32.exe
PID 956 wrote to memory of 1888    956    rundll32.exe    rundll32.exe
PID 956 wrote to memory of 1888    956    rundll32.exe    rundll32.exe
Processes

1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Wall Hack.dll",#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Wall Hack.dll",#1
      - Suspicious use of NtSetInformationThreadHideFromDebugger
Network
MITRE ATT&CK Matrix
Downloads
memory/1888-54-0x0000000000000000-mapping.dmp
memory/1888-55-0x0000000076561000-0x0000000076563000-memory.dmp (filesize 8KB)
memory/1888-56-0x0000000074E60000-0x0000000074EE7000-memory.dmp (filesize 540KB)
memory/1888-59-0x0000000074BE0000-0x0000000074DA3000-memory.dmp (filesize 1.8MB)
memory/1888-60-0x0000000074BE0000-0x0000000074DA3000-memory.dmp (filesize 1.8MB)
memory/1888-61-0x0000000074EF0000-0x0000000074F77000-memory.dmp (filesize 540KB)
memory/1888-62-0x0000000074E60000-0x0000000074EE7000-memory.dmp (filesize 540KB)
memory/1888-63-0x0000000074EF0000-0x0000000074F77000-memory.dmp (filesize 540KB)