Analysis

  • max time kernel
    180s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
  • submitted
    03-12-2022 13:17

General

  • Target

    d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417.dll

  • Size

    372KB

  • MD5

    0be42c5f706143804ce88603a74f692c

  • SHA1

    fe273aa5d5ccb4c788855f608ac990dc70b6cae8

  • SHA256

    d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417

  • SHA512

    8f924648d88aba655db1aa3235ebf851595edf9411dcdf3e0ab59882f0bc73309c660f907bec35661416ae3dc40859d44ebe602c45b6ea972ecc46e3e8f1f67c

  • SSDEEP

    6144:PCd3ldSuQWJ6hWxlhKFXvFbdGGpFHLFLiPGdMMC1k19i3Sye+JNe:P+NTJ6UjcJplwP2FRHUSyZm

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1020
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d05c867cbe902a1aca75ddaab3d5a704d7c876156cf3106daeec599b7d1bd417.dll,#1
      2⤵
        PID:2564

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2564-132-0x0000000000000000-mapping.dmp

    • memory/2564-133-0x0000000010000000-0x0000000010061000-memory.dmp

      Filesize

      388KB