Resubmissions

05-12-2022 21:51

221205-1qneysag86 10

05-12-2022 21:11

221205-z1sa8abc2y 10

05-12-2022 21:02

221205-zvs1kaaf4t 10

05-12-2022 19:59

221205-yqdjmsbd53 10

Analysis

  • max time kernel
    132s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-12-2022 19:59

General

  • Target

    discoveries/erect.dll

  • Size

    667KB

  • MD5

    e8d95feadab525fb0d43b040a02e05ab

  • SHA1

    1e22feca8821afccc712455b6bce10dfdc95728a

  • SHA256

    c6887e515b36694e8e738c0df7610014e084bcce80ee13c998087471daf039a4

  • SHA512

    f154e2e188fd96e3a20c713a07f3afed35e96810e8810616b1bb86ee1677d9ceb4eaae0a9b52066442e04c489e6395b59f642bf83976b4c68caea0c5b9bd6b9d

  • SSDEEP

    6144:JxE9vbMKBWrQXhjXNkXWaw0SeUK/SZmtoLOAuUW4xSY2H6+5tjesNMjuX+yM3H59:nV6Wrg9NqGcUKajSYu5tjz5niH9km

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\discoveries\erect.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\discoveries\erect.dll,#1
      2⤵
        PID:1260

    Network

    MITRE ATT&CK Matrix


    Downloads

    • memory/1260-132-0x0000000000000000-mapping.dmp