Analysis
-
max time kernel
166s -
max time network
187s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
29-11-2022 06:22
Static task
static1
Behavioral task
behavioral1
Sample
6f20e786e960f995356a7be0d236af24c1ee6ad78ca6113f74c82ac1f6433911.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
6f20e786e960f995356a7be0d236af24c1ee6ad78ca6113f74c82ac1f6433911.dll
Resource
win10v2004-20220812-en
General
-
Target
6f20e786e960f995356a7be0d236af24c1ee6ad78ca6113f74c82ac1f6433911.dll
-
Size
580KB
-
MD5
d4e3d56ae946fce597476bb7a5fc7d75
-
SHA1
4da49bccb0e8c55b242b3a66d1b65cae21611e22
-
SHA256
6f20e786e960f995356a7be0d236af24c1ee6ad78ca6113f74c82ac1f6433911
-
SHA512
7a84e7a9a72e749de4e68ad8b60ceedda488a25b6205006bc7f04e8e8134a6036367056e75208b6ad78a4f2604e5785a11cae5b1674a0a35a387f0853e5a454b
-
SSDEEP
6144:x51rMsO2x9GxGtelvGSSlcv88BFhv98HgBnNGAxylvDTI3lv32m+2Hbc+E7sB98E:f53x4GTZcv88BHvtqJyBGk
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1396 wrote to memory of 2976 | 1396 | rundll32.exe | rundll32.exe
PID 1396 wrote to memory of 2976 | 1396 | rundll32.exe | rundll32.exe
PID 1396 wrote to memory of 2976 | 1396 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f20e786e960f995356a7be0d236af24c1ee6ad78ca6113f74c82ac1f6433911.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f20e786e960f995356a7be0d236af24c1ee6ad78ca6113f74c82ac1f6433911.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2976-132-0x0000000000000000-mapping.dmp