Analysis
-
max time kernel
150s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
03-12-2022 23:47
Static task
static1
Behavioral task
behavioral1
Sample
d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7.dll
Resource
win7-20220812-en
2 signatures
150 seconds
General
-
Target
d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7.dll
-
Size
299KB
-
MD5
24a24158f68ccaa514bd4502f1ccf940
-
SHA1
c3a76de5b5e4980d70411d9e9da0f75e1eef13e3
-
SHA256
d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7
-
SHA512
b690745761b8b7f747faf934f2788d7d04b537739764822aa3dc69b67d1d9752f786acfabcdb9f8a0e3884ff3af677d8e1b4e81f5f0693f7aa052ea4ee43b4c3
-
SSDEEP
3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDR:o6C5AXbMn7UI1FoV2gwTBlrIckP7
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                       pid   process       target process
PID 4860 wrote to memory of 448   4860  rundll32.exe  rundll32.exe
PID 4860 wrote to memory of 448   4860  rundll32.exe  rundll32.exe
PID 4860 wrote to memory of 448   4860  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d786520ee49e66d61e55f40fbf60e7d9bd79148589a1bfa9d9e2d1cc6ae539c7.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/448-132-0x0000000000000000-mapping.dmp