Resubmissions

09-12-2022 21:31

221209-1c8tqsed62 10

01-12-2022 19:44

221201-yf4yvaeb95 10

Analysis

  • max time kernel
    412s
  • max time network
    417s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-12-2022 21:31

General

  • Target

    48.dll

  • Size

    600KB

  • MD5

    5f2f64254193b3e46ad38110af70c191

  • SHA1

    3c390a854b4bed296d549288e42ab9388a39b42b

  • SHA256

    cff751c5dc8d9914b185064dd21cbbac5db7768cab5be0eab6bc2ac958559ef6

  • SHA512

    708d894742bc1cb1c1f855771d364f4a1388aa0abdd920767330509bea6977d2e9c8efab4ba25e60ad61f6320b42840f207d7e25b68e803cc57f28809d35cd2b

  • SSDEEP

    12288:QSUUEfo5I6/o2qgkpUdG9Msme0CWUdOWk4F:QSTiWDvLmRme0C0Wk4

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\48.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\48.dll,#1
        PID:2012

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2012-54-0x0000000000000000-mapping.dmp

    • memory/2012-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

      Filesize

      8KB