Analysis
max time kernel: 108s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-12-2022 18:15
Behavioral task
behavioral1
Sample
8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598.dll
Size: 2.4MB
MD5: d7c0d74b6f17eef08331a651bfc4da37
SHA1: 45a25916814c3bf58934d2b700b7d09c0bcf2584
SHA256: 8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598
SHA512: 63dcbd9f5530a180e141742c9ff774d1ee44b274a9d19b0d337f5c3d6d4261966bc01b988be034596af1336288f62a6a21cd1a0cc6c05990042cf2a5b4a03005
SSDEEP: 49152:RryDs5d5Xf4AEVqjEox/vkhGSzVGDR38WiGDsTcixZ:kEPHEKESH4GRiz
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2652 wrote to memory of 2456 | 2652 | rundll32.exe | rundll32.exe
PID 2652 wrote to memory of 2456 | 2652 | rundll32.exe | rundll32.exe
PID 2652 wrote to memory of 2456 | 2652 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cf2fc1d60f209caf0c6ff623cd29831d42aa69ad5739e76cdf480133fee0598.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2456-132-0x0000000000000000-mapping.dmp