Analysis
- max time kernel: 252s
- max time network: 325s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
- submitted: 27-11-2022 19:24
Static task: static1
Behavioral task: behavioral1
- Sample: 1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll
- Resource: win10v2004-20221111-en
General
- Target: 1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll
- Size: 456KB
- MD5: 35209c845dd2c67749fe8cca12a5b310
- SHA1: 1cf945f3af89253e0da8bfa463e7893a5ff4700f
- SHA256: 1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb
- SHA512: 46c28d345fa5655f3ae02b873ec59ab6c9715dac8ff59201ce7f8cd4339d2bdcc97fedfb8072aead9959795033618b248fe9b82fabd10ce751208381df8b705d
- SSDEEP: 6144:94TmSt9uNNtXlD2K0Hp/59dB9SzH2xL/zrnpEEDePzn5/K:tYQtXlD2N7SD2xnTpbDeb5
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4524 wrote to memory of 3460 | 4524 | rundll32.exe | rundll32.exe
PID 4524 wrote to memory of 3460 | 4524 | rundll32.exe | rundll32.exe
PID 4524 wrote to memory of 3460 | 4524 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll,#11
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3460-132-0x0000000000000000-mapping.dmp