Analysis
-
max time kernel
46s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
29-11-2022 20:23
General
-
Target
d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll
-
Size
1.5MB
-
MD5
da9b94d6b5623d26a75121c3292439df
-
SHA1
fdc9f765bb454e26c1e542f787f62cd37ed7fe99
-
SHA256
d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff
-
SHA512
f993d29051035465ccfd3c91bb329c5cb0cd496cdcfe1fab37f3ecefc2a300927e84d486746da5765f76207b4b8c70a57b61b328f8bd2c9fa3a50dd758b307cb
-
SSDEEP
24576:d7mGHd3AJapUt7yTD1BSDriDJJqDL3Q5qAQgtMl0DT5OsT5tiCfsK7QNR9qb0zXQ:d7vHNHyefuXSJJqDbRDgtM6ROsOCflK/
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d0190ebe458f8b4061067ca37f82ba2297c56d380b63d392868ab28d2d8b04ff.dll,#12⤵
- Blocklisted process makes network request
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1344-54-0x0000000000000000-mapping.dmp
-
memory/1344-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmpFilesize
8KB
-
memory/1344-56-0x0000000000260000-0x0000000000263000-memory.dmpFilesize
12KB