Analysis
- max time kernel: 174s
- max time network: 189s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
- submitted: 10-02-2023 20:01
Behavioral task: behavioral1
- Sample: 39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc.dll
- Resource: win10v2004-20220812-en
General
- Target: 39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc.dll
- Size: 107KB
- MD5: f7e232691ebeb2a88d361703f98bd044
- SHA1: eaff769eef60ce7ac76588f3392e1d40e75f25e8
- SHA256: 39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc
- SHA512: 0113f3e21113b9065d1f816d7d0bccf2738d8105bfa84523f91e123b9633580bff183c8dd33de3e40ee0385ff24926e5ce7b3d398560d1b27293b00c51faf04c
- SSDEEP: 1536:tPdB0xX3By4kWx8hBy1PT+LkNGAkPWa5HVRF83mOeW3qEQY0CBRxmztDpwo3:tVByXxfkWxuo1r+LRfPWqT83mEGCf
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 3 IoCs
  Processes: rundll32.exe
  description | pid | process | target process
  PID 4980 wrote to memory of 4908 | 4980 | rundll32.exe | rundll32.exe
  PID 4980 wrote to memory of 4908 | 4980 | rundll32.exe | rundll32.exe
  PID 4980 wrote to memory of 4908 | 4980 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:4980
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\39a4c721352df624b616027997c6aeb7a6cdc5d656a581e2b2d925e56b8ea6fc.dll,#1
    PID:4908
Network
MITRE ATT&CK Matrix
Downloads
- memory/4908-132-0x0000000000000000-mapping.dmp