Analysis
max time kernel: 191s
max time network: 204s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-11-2022 05:16
Behavioral task: behavioral1
Sample: 9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3.dll
Resource: win7-20220812-en (windows7-x64)
2 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3.dll
Resource: win10v2004-20221111-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: 9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3.dll
Size: 73KB
MD5: f1b403da96a2fe3e0740411d0be91b80
SHA1: 6ad7ee9dd52a4e7183940339cbab4ac13eaf7e05
SHA256: 9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3
SHA512: e30a182fbda3bfdf48f4556f2fdd0af768ed62bc7c9464b4e8f3ff03170c192f0d0a595ae5ce3b8da6627d8d9377ff4c598fdcba0c11c91882fe66f0862aada4
SSDEEP: 1536:w00M29IodAzll3dJBYU/briHvVHeujS6nbpc8UbTJ26vv:RYdcr/bQHeu7nVkN
Score: 5/10
Malware Config
Signatures
Drops file in System32 directory (1 IoC)
Process: rundll32.exe
IoC: File created C:\Windows\SysWOW64\ylzt07022.Fe

Suspicious use of WriteProcessMemory (3 IoCs)
Process: rundll32.exe (PID 3056) wrote to memory of rundll32.exe (PID 1104); the same event is recorded three times.
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  Child: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9312211fffc2ae363af6f0b1bb074c60504d0ba74938f5e47e06622fbbc472d3.dll,#1
    Signature: Drops file in System32 directory
Network
MITRE ATT&CK Matrix
Downloads
memory/1104-132-0x0000000000000000-mapping.dmp