Analysis

  • max time kernel
    165s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-12-2022 01:26

General

  • Target

    cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77.dll

  • Size

    74KB

  • MD5

    0c5b62905998b85fce215194403e589d

  • SHA1

    5fda14a4017bbe9f73eeb99c92956f4f711f637d

  • SHA256

    cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77

  • SHA512

    70d89b6d8e0f25dae2d2260eaf54f65f41175ffa66bfd4cf3e4d3f25c9ad03f7c56a7a748ca675e77d852ecbf4e5ec05d4734cbb6c8d58a487d440c366f28fbe

  • SSDEEP

    1536:EGWN9q2qo5jvy8aYgXP3xMhlHWi3ftVuwde7Kh2:EGi9xqwG5YgXP3ckiPt4ie7K8

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cff38e8d7f68f5711eab926674b49aaa98b9e7cbb40458631fbe9f7a06135e77.dll,#1
      2⤵
        PID:2560

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2560-132-0x0000000000000000-mapping.dmp