Analysis
- max time kernel: 155s
- max time network: 172s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
- submitted: 02-12-2022 02:45
Static task
static1
Behavioral task
behavioral1
Sample
9802661483215b6cc6cef53618d6911f6cb7761fa75e85f3b9dbe78c13c95720.dll
Resource
win7-20220812-en
2 signatures
150 seconds
General
- Target: 9802661483215b6cc6cef53618d6911f6cb7761fa75e85f3b9dbe78c13c95720.dll
- Size: 351KB
- MD5: 12971bc35851efcf40d6d286086da577
- SHA1: beef5b5ce1b20be434ee1e38425c4c4feeb86892
- SHA256: 9802661483215b6cc6cef53618d6911f6cb7761fa75e85f3b9dbe78c13c95720
- SHA512: 5c6e7251b72ca5d8eb4d417cbba7d51672c159b805c7933776b4545ccb363e7dfcb3fab4f4dc812429ffe573f2b9acdd13634365d9d3c58cdab8f408c1dd06ff
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0L:jDgtfRQUHPw06MoV2nwTBlhm8z
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                        pid    process        target process
  PID 2872 wrote to memory of 4440   2872   rundll32.exe   rundll32.exe
  PID 2872 wrote to memory of 4440   2872   rundll32.exe   rundll32.exe
  PID 2872 wrote to memory of 4440   2872   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9802661483215b6cc6cef53618d6911f6cb7761fa75e85f3b9dbe78c13c95720.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9802661483215b6cc6cef53618d6911f6cb7761fa75e85f3b9dbe78c13c95720.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/4440-132-0x0000000000000000-mapping.dmp