Analysis
-
max time kernel
91s
-
max time network
128s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220901-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
-
submitted
29-11-2022 06:22
Static task
static1
Behavioral task
behavioral1
Sample
73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll
Resource
win10v2004-20220901-en
General
-
Target
73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll
-
Size
187KB
-
MD5
c72802b4bc872eda30044245f0525f3a
-
SHA1
1c8ce7e05b1ed4426e3c1430d738289fd7649d01
-
SHA256
73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f
-
SHA512
1d07be14ffceb1d4d334cab466532ee3e70fa6810f1803774599e72992e3522c889f1703437c4a29f708cb7eec7e3adeca49abbe4a438d9e65ed53b9a23130e8
-
SSDEEP
3072:JskRfXL9xl4EWn0rx5ScAJ6gdznwb+VOos7d77s8Be/1DGhOQS5yTx9HKPln:zRD9Fx4cAJ6gxbVGRA/1DeOQ3K
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2804 wrote to memory of 1152 | 2804 | rundll32.exe | rundll32.exe
PID 2804 wrote to memory of 1152 | 2804 | rundll32.exe | rundll32.exe
PID 2804 wrote to memory of 1152 | 2804 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73092832fc2bb74d667c3d8a013ad4286c7df8e130698762063c36adb89d887f.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1152-132-0x0000000000000000-mapping.dmp