Analysis
- max time kernel: 204s
- max time network: 226s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-12-2022 21:11
Behavioral task: behavioral1
- Sample: 676a40b9b5d8243b8be60b88686b3e4bad90f8df67f1a6edba801fd9ae124bec.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 676a40b9b5d8243b8be60b88686b3e4bad90f8df67f1a6edba801fd9ae124bec.dll
- Resource: win10v2004-20221111-en
General
- Target: 676a40b9b5d8243b8be60b88686b3e4bad90f8df67f1a6edba801fd9ae124bec.dll
- Size: 734KB
- MD5: 9f025e72c061326ffc33e8f6b405191c
- SHA1: 2282d15bdbd49c3a2d38425c19ac09b0442847e3
- SHA256: 676a40b9b5d8243b8be60b88686b3e4bad90f8df67f1a6edba801fd9ae124bec
- SHA512: 1a008c9d043c0309036370283141773e445d337f5d5cc862b5c489b4769397e14a37e9831b310bf56a8621156ab3200c3faa3b7489b8aa98479fde13a6c1679e
- SSDEEP: 12288:JHJKVstSgdaG+6QwxO4svagwUa+89+weYfi6vmF/rAup6+van:JHRxO4RJ+8SY6imZlp65n
Malware Config
Signatures
- Blocklisted process makes network request (7 IoCs)
  Processes:
  flow  pid   process
  45    4328  rundll32.exe
  60    4328  rundll32.exe
  61    4328  rundll32.exe
  68    4328  rundll32.exe
  73    4328  rundll32.exe
  77    4328  rundll32.exe
  81    4328  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                       pid   process       target process
  PID 5100 wrote to memory of 4328  5100  rundll32.exe  rundll32.exe
  PID 5100 wrote to memory of 4328  5100  rundll32.exe  rundll32.exe
  PID 5100 wrote to memory of 4328  5100  rundll32.exe  rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe (PID 5100, per the signature tables)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\676a40b9b5d8243b8be60b88686b3e4bad90f8df67f1a6edba801fd9ae124bec.dll,#1
   Signature: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 4328, child of 1)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\676a40b9b5d8243b8be60b88686b3e4bad90f8df67f1a6edba801fd9ae124bec.dll,#1
      Signature: Blocklisted process makes network request
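The process tree and the two signature tables together describe a pattern worth encoding as a detection: a 64-bit rundll32.exe launched from system32 loads a DLL out of the user's %TEMP% directory by export ordinal (`,#1`), spawns the SysWOW64 copy of rundll32.exe with the same command line, writes into that child, and the child then makes network requests. The script below is an added example written for this page, not code from the sandbox vendor or from the sample's authors. It runs a small scoring rule over constructed process, WriteProcessMemory and network events whose PIDs, image paths and command lines are copied from the report; the event record layout and the point weights are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample events (not a real sandbox export). PIDs 5100 and 4328, the image
# paths and the command lines come from the report above; the record shape is assumed.
DLL = r"C:\Users\Admin\AppData\Local\Temp\676a40b9b5d8243b8be60b88686b3e4bad90f8df67f1a6edba801fd9ae124bec.dll"
SAMPLE_EVENTS = [
    {"type": "process", "pid": 5100, "ppid": 1234,
     "image": r"C:\Windows\system32\rundll32.exe", "cmdline": f"rundll32.exe {DLL},#1"},
    {"type": "process", "pid": 4328, "ppid": 5100,
     "image": r"C:\Windows\SysWOW64\rundll32.exe", "cmdline": f"rundll32.exe {DLL},#1"},
    {"type": "writeprocessmemory", "pid": 5100, "target_pid": 4328},
    {"type": "writeprocessmemory", "pid": 5100, "target_pid": 4328},
    {"type": "writeprocessmemory", "pid": 5100, "target_pid": 4328},
] + [{"type": "network", "pid": 4328, "flow": f} for f in (45, 60, 61, 68, 73, 77, 81)] + [
    # Benign control: a system DLL called by export name, no network activity.
    {"type": "process", "pid": 7000, "ppid": 1234,
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
]

# "rundll32[.exe] <dll>,<export>" with an optionally quoted DLL path.
RUNDLL32_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)
# Locations an unprivileged user can write to; %TEMP% under AppData is the one in the report.
USER_WRITABLE_RE = re.compile(r'\\(?:Users\\[^\\]+\\AppData|Temp|ProgramData|Users\\Public)\\', re.I)
ORDINAL_RE = re.compile(r"^#\d+$")


def is_rundll32(image):
    return image.lower().endswith("\\rundll32.exe")


def parse_rundll32(cmdline):
    """Return (dll_path, export) for a rundll32 command line, or None if it is not one."""
    m = RUNDLL32_RE.search(cmdline)
    return (m.group("dll"), m.group("export")) if m else None


def analyze(events):
    """Score each rundll32 process. Returns {pid: {"score": int, "reasons": [str, ...]}}."""
    procs = {}                       # pid -> process event
    findings = {}                    # pid -> score/reasons, created only on a hit
    net_flows = defaultdict(list)    # pid -> flow ids
    seen_writes = set()              # (writer pid, target pid), counted once

    def hit(pid, points, reason):
        f = findings.setdefault(pid, {"score": 0, "reasons": []})
        f["score"] += points
        f["reasons"].append(reason)

    for ev in events:
        if ev["type"] == "process":
            procs[ev["pid"]] = ev
            parsed = parse_rundll32(ev["cmdline"]) if is_rundll32(ev["image"]) else None
            if parsed is None:
                continue
            dll, export = parsed
            if USER_WRITABLE_RE.search(dll):
                hit(ev["pid"], 2, f"DLL loaded from user-writable path: {dll}")
            if ORDINAL_RE.match(export):
                hit(ev["pid"], 1, f"export called by ordinal: {export}")
        elif ev["type"] == "writeprocessmemory":
            key = (ev["pid"], ev["target_pid"])
            src, dst = procs.get(key[0]), procs.get(key[1])
            if key in seen_writes or not (src and dst):
                continue
            if dst["ppid"] == src["pid"] and is_rundll32(src["image"]) and is_rundll32(dst["image"]):
                # Weak signal on its own: a 64-bit rundll32 handing a 32-bit DLL to the
                # SysWOW64 copy also shows up as a parent-to-child write.
                seen_writes.add(key)
                hit(src["pid"], 1, f"rundll32 wrote into its rundll32 child {dst['pid']}")
        elif ev["type"] == "network":
            net_flows[ev["pid"]].append(ev["flow"])

    # Network activity only raises the score of a rundll32 that was already suspicious.
    for pid, flows in net_flows.items():
        if pid in findings and findings[pid]["score"] > 0:
            hit(pid, 3, f"{len(flows)} network flows from suspicious rundll32: {flows}")
    return findings


if __name__ == "__main__":
    for pid, f in sorted(analyze(SAMPLE_EVENTS).items()):
        print(pid, f["score"], *f["reasons"], sep="\n  ")
```

The parent-to-child WriteProcessMemory is deliberately weighted low: the report's parent is the system32 (64-bit) rundll32.exe and the child is the SysWOW64 (32-bit) one with an identical command line, which is what Windows does when a 64-bit rundll32 is asked to load a 32-bit DLL, so that write alone would also fire on legitimate software. The combination that should page someone is the DLL path under the user's profile, the export called by ordinal, and outbound connections from the process that loaded it.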
Network
MITRE ATT&CK Matrix
Downloads
- memory/4328-132-0x0000000000000000-mapping.dmp