Analysis
max time kernel: 93s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 04-12-2022 15:43
Static task: static1
Behavioral task: behavioral1
  Sample: 3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3.dll
  Resource: win7-20221111-en
  2 signatures, 150 seconds
General
Target: 3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3.dll
Size: 416KB
MD5: cdd717d12ae8e22e65585f31dff6a640
SHA1: 8d000d5119e709ac796496e17d496fa3397cc58b
SHA256: 3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3
SHA512: 8d0f6254e3427614a42dc3e29740b3944358c109c04aea7bf9a7dd684374097296b9cd5d413254eca06e91b7151acf4f118602d2c2018271d933081843e394d5
SSDEEP: 3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDj:o6C5AXbMn7UI1FoV2gwTBlrIckPB
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description                       pid   process       target process
PID 5056 wrote to memory of 5028  5056  rundll32.exe  rundll32.exe
PID 5056 wrote to memory of 5028  5056  rundll32.exe  rundll32.exe
PID 5056 wrote to memory of 5028  5056  rundll32.exe  rundll32.exe
All three IoCs are the same pair: the 64-bit C:\Windows\system32\rundll32.exe (PID 5056) writing into the 32-bit C:\Windows\SysWOW64\rundll32.exe (PID 5028) that it spawned to load the DLL (see the process tree under Processes). A parent writing into a child it has just created is also what CreateProcess itself does while setting up the new process, so these three writes on their own are weak evidence of injection; they are worth correlating with the memory dump of PID 5028 listed under Downloads.
Processes
- C:\Windows\system32\rundll32.exe (PID 5056, tree depth 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 5028, tree depth 2)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d0d7687f977c1640c836b08f194a7508d996e037d3bc57a9bdcac23753a32a3.dll,#1
The ",#1" argument tells rundll32 to call the DLL export at ordinal 1 rather than an export by name. The 64-bit rundll32 re-launches the SysWOW64 (32-bit) rundll32 with the same command line, which is consistent with the arch:x86 resource tag: the sample is a 32-bit DLL and its code actually runs in PID 5028.
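The flattened WriteProcessMemory records above are hard to read and hide the fact that all three point at one parent/child pair. The following is an added example, not part of this report or of the sandbox's own code: it parses records in the format shown on this page into events, joins them against a process table, and labels each cross-process write. The PIDs and image paths are the report's; the record regex, the Process/MemWrite types, the label names and the extra processes used in the usage section are assumptions made for the example.

```python
"""Added example (not part of the sandbox report): parse flattened
'Suspicious use of WriteProcessMemory' records, join them to the process
tree, and label each cross-process write.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Process:
    pid: int
    ppid: int | None
    path: str  # full image path, e.g. C:\Windows\SysWOW64\rundll32.exe


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


# One record: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
# (format reconstructed from this page; assumption, not a documented schema).
WRITE_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)


def parse_writes(text: str) -> list[MemWrite]:
    """Extract every WriteProcessMemory IoC from the report text, in order."""
    return [
        MemWrite(int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"])
        for m in WRITE_RE.finditer(text)
    ]


def classify(write: MemWrite, procs: dict[int, Process]) -> str:
    """Label a cross-process write using the process tree.

    parent_to_child_wow64_handoff: a System32 binary wrote into the SysWOW64
        copy of itself that it spawned (what 64-bit rundll32 does for a 32-bit
        DLL; CreateProcess itself writes the child's parameter block, so this
        alone is weak evidence of injection).
    parent_to_child: writer is the direct parent of the target (the shape of
        classic injection into a freshly created, suspended child).
    unrelated_process: target is not a child of the writer; a stronger signal.
    """
    src, dst = procs.get(write.src_pid), procs.get(write.dst_pid)
    if src is None or dst is None:
        return "unknown_process"
    if dst.ppid != src.pid:
        return "unrelated_process"
    src_p, dst_p = PureWindowsPath(src.path), PureWindowsPath(dst.path)
    same_binary = src_p.name.lower() == dst_p.name.lower()
    src_dir, dst_dir = src_p.parent.name.lower(), dst_p.parent.name.lower()
    if same_binary and src_dir == "system32" and dst_dir == "syswow64":
        return "parent_to_child_wow64_handoff"
    return "parent_to_child"


def summarize(text: str, procs: dict[int, Process]) -> dict[tuple[int, int], tuple[int, str]]:
    """Collapse repeated IoCs: (src_pid, dst_pid) -> (count, label)."""
    writes = parse_writes(text)
    counts = Counter((w.src_pid, w.dst_pid) for w in writes)
    labels = {(w.src_pid, w.dst_pid): classify(w, procs) for w in writes}
    return {pair: (n, labels[pair]) for pair, n in counts.items()}


# Constructed from this report: the three IoC records and the two rundll32
# processes (PID 5056 is the System32 parent, PID 5028 the SysWOW64 child).
REPORT_IOCS = (
    "PID 5056 wrote to memory of 5028 5056 rundll32.exe rundll32.exe "
    "PID 5056 wrote to memory of 5028 5056 rundll32.exe rundll32.exe "
    "PID 5056 wrote to memory of 5028 5056 rundll32.exe rundll32.exe"
)
REPORT_PROCS = {
    5056: Process(5056, None, r"C:\Windows\system32\rundll32.exe"),
    5028: Process(5028, 5056, r"C:\Windows\SysWOW64\rundll32.exe"),
}

if __name__ == "__main__":
    for (src, dst), (n, label) in summarize(REPORT_IOCS, REPORT_PROCS).items():
        print(f"{src} -> {dst}: {n} write(s), {label}")
```

Running the block against the report's own records collapses the three IoCs into a single pair labelled as the WoW64 hand-off. The same `classify` call flags a write into a process that is not the writer's child (for example into explorer.exe) as `unrelated_process`, which is the case worth escalating.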
Network
MITRE ATT&CK Matrix
Downloads
-
memory/5028-132-0x0000000000000000-mapping.dmp