e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785

Analysis

max time kernel
145s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785.dll
Size

268KB
MD5

d6c72674ba8bb9ef8d06bb06121f2c40
SHA1

96f755228b2d4484f6aa90a8d6ff0df22c411edb
SHA256

e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785
SHA512

02f37f24c8cd4528ec8f09bddee5d59e9f0caf8fa54ddd3045b99f79f6c5afc87eadf8d2919b8069f058e6b724aa629c7c3851e02347e86e14b833e03cc94f39
SSDEEP

6144:pI0bZNAe5gt6qJBnvFomdVf4ZH327jYM8rSddwA:pjTA6ggqJBOJm7M/rTA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 5012	1576	rundll32.exe	78
PID 1576 wrote to memory of 5012	1576	rundll32.exe	78
PID 1576 wrote to memory of 5012	1576	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785.dll,#1
  2⤵
  - Enumerates system info in registry
  PID:5012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5012-133-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/5012-134-0x0000000000450000-0x000000000047D000-memory.dmp

Filesize
180KB

Download