Analysis
-
max time kernel
12s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted
27-11-2022 20:17
Behavioral task
behavioral1
Sample
2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll
Resource
win10v2004-20220812-en
General
-
Target
2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll
-
Size
318KB
-
MD5
537402ee556a3cd05552ec9a64a2ef07
-
SHA1
12768e31c3268fc76c701bf128be96c946fef45a
-
SHA256
2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f
-
SHA512
a4bd2246726e4f425d1cd7e01e8e6a75bb41776b08c41c0c40314f36acd2d320dcbea4bd57cc4cf30d8931ddc9c996e76e884962ea0375b314fc491e56fa3a5d
-
SSDEEP
6144:i6BDSXv3WyRljOpYwo+XqidUtmko1vMAvcvyEmut6R4gocnwgv/p+ZJN:i6BKWyRljgYUXqKomko1EzvM7nwGp+Zn
Malware Config
Signatures
-
Processes:
resource                                                                     yara_rule
behavioral1/memory/960-56-0x0000000075340000-0x00000000753E9000-memory.dmp   vmprotect
behavioral1/memory/960-58-0x0000000075340000-0x00000000753E9000-memory.dmp   vmprotect
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
description                        pid    process        target process
PID 1956 wrote to memory of 960    1956   rundll32.exe   rundll32.exe
PID 1956 wrote to memory of 960    1956   rundll32.exe   rundll32.exe
PID 1956 wrote to memory of 960    1956   rundll32.exe   rundll32.exe
PID 1956 wrote to memory of 960    1956   rundll32.exe   rundll32.exe
PID 1956 wrote to memory of 960    1956   rundll32.exe   rundll32.exe
PID 1956 wrote to memory of 960    1956   rundll32.exe   rundll32.exe
PID 1956 wrote to memory of 960    1956   rundll32.exe   rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1956
  └ C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll,#1
      PID:960
Note: the parent is the 64-bit System32 rundll32.exe and the child is the 32-bit SysWOW64 copy launched with the same command line, which is what rundll32 does when handed a 32-bit DLL. All seven WriteProcessMemory IoCs go from PID 1956 into that child (PID 960), not into an unrelated process, and the VMProtect YARA hits and the memory dumps below are all taken from PID 960.
Network
MITRE ATT&CK Matrix
Downloads
- memory/960-54-0x0000000000000000-mapping.dmp
- memory/960-55-0x0000000075DA1000-0x0000000075DA3000-memory.dmp (Filesize 8KB)
- memory/960-56-0x0000000075340000-0x00000000753E9000-memory.dmp (Filesize 676KB)
- memory/960-58-0x0000000075340000-0x00000000753E9000-memory.dmp (Filesize 676KB)
- memory/960-59-0x00000000753F0000-0x0000000075499000-memory.dmp (Filesize 676KB)
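Triage-style reports like this one are usually read in bulk, so a small triage helper is useful for two things shown above: collapsing the repeated "wrote to memory" records into writer-to-target edges and deciding whether a rundll32 -> rundll32 write is the ordinary 64-bit-to-WoW64 handoff or something that needs a look, and turning the dump filenames into PID, address range and size so that repeated dumps of the same region stand out. The code below is an added example and is not part of the sandbox's own tooling; the sample records are constructed from the lines of this report (whitespace normalised), the `arch_of` heuristic (System32 vs SysWOW64 path) and the `review`/`wow64-handoff` labels are assumptions of this example, and the `mapping.dmp` entry is included to show that it carries no address range and is skipped.

```python
import re
from collections import Counter

# Constructed from the report above: the seven WriteProcessMemory IoC records
# (one per line, whitespace normalised) and the two processes from the tree.
SAMPLE_WPM = "\n".join(
    ["PID 1956 wrote to memory of 960 1956 rundll32.exe rundll32.exe"] * 7
)
SAMPLE_PROCESSES = {
    1956: r"C:\Windows\system32\rundll32.exe",
    960: r"C:\Windows\SysWOW64\rundll32.exe",
}
# Constructed from the Downloads list above, including the mapping.dmp entry.
SAMPLE_DUMPS = [
    "memory/960-54-0x0000000000000000-mapping.dmp",
    "memory/960-55-0x0000000075DA1000-0x0000000075DA3000-memory.dmp",
    "memory/960-56-0x0000000075340000-0x00000000753E9000-memory.dmp",
    "memory/960-58-0x0000000075340000-0x00000000753E9000-memory.dmp",
    "memory/960-59-0x00000000753F0000-0x0000000075499000-memory.dmp",
]

WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \d+ (?P<src_img>\S+) (?P<dst_img>\S+)"
)
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-\d+-0x(?P<lo>[0-9A-Fa-f]+)-0x(?P<hi>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_wpm(text):
    """Collapse repeated 'wrote to memory' records into per-edge counts."""
    edges = Counter()
    for m in WPM_RE.finditer(text):
        edges[(int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"])] += 1
    return edges


def arch_of(image_path):
    """Assumed heuristic: infer bitness from the system directory of the image."""
    p = image_path.lower()
    if "\\syswow64\\" in p:
        return "x86"
    if "\\system32\\" in p:
        return "x64"
    return "unknown"


def classify_edges(edges, processes):
    """Label each writer->target edge (labels are this example's own).

    A 64-bit rundll32.exe writing only into the 32-bit rundll32.exe it spawned
    for a 32-bit DLL is the expected WoW64 handoff; any other combination
    (different target image, x86->x64, unknown paths) is marked for review.
    """
    results = []
    for (src, dst, src_img, dst_img), n in edges.items():
        src_arch = arch_of(processes.get(src, ""))
        dst_arch = arch_of(processes.get(dst, ""))
        same_rundll = src_img.lower() == dst_img.lower() == "rundll32.exe"
        handoff = same_rundll and src_arch == "x64" and dst_arch == "x86"
        results.append({
            "src": src, "dst": dst, "count": n,
            "src_arch": src_arch, "dst_arch": dst_arch,
            "verdict": "wow64-handoff" if handoff else "review",
        })
    return results


def dump_region(name):
    """Parse a dump filename into (pid, start, end, size_kb); None for mapping.dmp."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    lo, hi = int(m["lo"], 16), int(m["hi"], 16)
    return int(m["pid"]), lo, hi, (hi - lo) // 1024


def region_snapshots(names):
    """Count how many times the same (pid, start, end) region was dumped."""
    snaps = Counter()
    for name in names:
        r = dump_region(name)
        if r:
            snaps[r[:3]] += 1
    return snaps


if __name__ == "__main__":
    for e in classify_edges(parse_wpm(SAMPLE_WPM), SAMPLE_PROCESSES):
        print(e)
    for name in SAMPLE_DUMPS:
        print(name, dump_region(name))
    print(region_snapshots(SAMPLE_DUMPS))
```

On this report the single edge 1956 -> 960 carries all seven records and is labelled as the WoW64 handoff; the dump sizes computed from the hex ranges agree with the listed 8KB and 676KB, and the 0x75340000-0x753E9000 region shows up twice (dumps 56 and 58), which is the region the VMProtect rule matched in both snapshots.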