Analysis
max time kernel: 158s
max time network: 196s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-11-2022 06:21
Static task: static1
Behavioral task: behavioral1
  Sample: 793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll
  Resource: win10v2004-20221111-en
General
Target: 793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll
Size: 107KB
MD5: 6a27d4ad6713af6f462720b0ac4fe2fd
SHA1: 72e7ec6df89e73a3fd1549754ec66f4a4b75a4f7
SHA256: 793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c
SHA512: ebeebf65aa0ad4c24f93412d04f97e766b5f33acf747a332e95a4bf304388ca07c15b90409e38c2ed3035cd3db3a7eb09eb9698832b585b6009f14e28ab110e7
SSDEEP: 3072:uHxeB8gqjA+V/Dh/SGGCMoqnL6gjB6XXh5Gpsnk:uoB8gq7VbhhlIL6g96Btk
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                      | pid | process      | target process
PID 648 wrote to memory of 4272  | 648 | rundll32.exe | rundll32.exe
PID 648 wrote to memory of 4272  | 648 | rundll32.exe | rundll32.exe
PID 648 wrote to memory of 4272  | 648 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll,#1
   PID: 648
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 648)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\793ede930f92915968ba038b5627a1917face934e683d9e1c3792ce05cf5228c.dll,#1
      PID: 4272
Network
MITRE ATT&CK Matrix
Downloads
memory/4272-132-0x0000000000000000-mapping.dmp