Analysis

  • max time kernel
    129s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-01-2023 03:06

General

  • Target
    happytime-onvif-server/libssl-1_1.dll
  • Size
    493KB
  • MD5
    2532c2db5b32af68448f56fc8b8a586d
  • SHA1
    2a28735220b1b7eb1e76ebda285b0209dccdca87
  • SHA256
    2498b09048c59941f6430d26d1847ef681e5e4638d07a7513e31a50eac543a8f
  • SHA512
    9e9ae6035f702e1c0dbdeba9b03cbca192fe75349f7d069ff45efccd3e670f4020f4cf4ee07a605df2c894f5658bd52283f6c204288e9220b400e1e81aace7bb
  • SSDEEP
    12288:BJ8sR6fYGsTRZ9vpHvG9ZiBgp/GidLzVaU2lvzXE5:B/Xsf8WaU2lvzXE5

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\happytime-onvif-server\libssl-1_1.dll,#1
    PID:4992
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (child process)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\happytime-onvif-server\libssl-1_1.dll,#1
      PID:1440

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1440-132-0x0000000000000000-mapping.dmp