Overview

overview

7

Static

static

d22f59500b...b5.dll

windows7-x64

7

d22f59500b...b5.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    90s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2022, 22:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d22f59500b921030ba391fed3e0fb4f0747f8cc370d2adeffbaa4f9676df60b5.dll

  • Size

    20KB

  • MD5

    c956f06adb5f7a553a37f03681b84f72

  • SHA1

    d1229265391ea5ee118d021fedd7cb36c4bee873

  • SHA256

    d22f59500b921030ba391fed3e0fb4f0747f8cc370d2adeffbaa4f9676df60b5

  • SHA512

    8c4bd0693b0fe16921b7a763fc8cdce584a9e6f36c22da75de0615f8a972b355fc2887aff59acae04d2d73b536f9949c6844da465cc451ed47222e949e0675c9

  • SSDEEP

    384:zSG/2Jp+C6QhtmruxCcdIL+0XplcsCAu8UaWHuqaTlX0wG:zfYh2oCtpXPcsx2OqaewG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d22f59500b921030ba391fed3e0fb4f0747f8cc370d2adeffbaa4f9676df60b5.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4152
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d22f59500b921030ba391fed3e0fb4f0747f8cc370d2adeffbaa4f9676df60b5.dll,#1
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D834.tmp
    Filesize

    20KB

    MD5

    cdf6e6b1e601a9a0aec06411c36f1a9c

    SHA1

    92230671e29fce8655082e58094ffe814fbe7c9e

    SHA256

    83985f6f9284166f33fb8bfdc5c5982f9074416ba71941ce4aab5d96668203bd

    SHA512

    6779e9fe14c114e360cd0316370eee81f3669a69a3eefe74d5132459399af5566c838e12eaad9d3a9789ec2bc46f4996d51eff2a3a1f8bd299d4d2ea74ca9b1c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\D834.tmp
    Filesize

    20KB

    MD5

    cdf6e6b1e601a9a0aec06411c36f1a9c

    SHA1

    92230671e29fce8655082e58094ffe814fbe7c9e

    SHA256

    83985f6f9284166f33fb8bfdc5c5982f9074416ba71941ce4aab5d96668203bd

    SHA512

    6779e9fe14c114e360cd0316370eee81f3669a69a3eefe74d5132459399af5566c838e12eaad9d3a9789ec2bc46f4996d51eff2a3a1f8bd299d4d2ea74ca9b1c

    Download Submit

  • memory/4960-135-0x0000000002A21000-0x0000000002A23000-memory.dmp

    Filesize

    8KB

    Download