Analysis

max time kernel: 91s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-02-2023 20:26
Behavioral task behavioral1
Sample: 566ddc62429279dcecea983a6e86fd47b854e3ee09555e4cc023a2b7733a111d.dll
Resource: win7-20220901-en

Behavioral task behavioral2
Sample: 566ddc62429279dcecea983a6e86fd47b854e3ee09555e4cc023a2b7733a111d.dll
Resource: win10v2004-20220812-en
General

Target: 566ddc62429279dcecea983a6e86fd47b854e3ee09555e4cc023a2b7733a111d.dll
Size: 1.6MB
MD5: ef1ef76cb0fbd2eb18a728daf7585888
SHA1: e78ad6ad410f8cabf0336be832a6efbde580cebe
SHA256: 566ddc62429279dcecea983a6e86fd47b854e3ee09555e4cc023a2b7733a111d
SHA512: 836054b864c9d3bb27e3334ea4fc1eec9ffaa6196447bb39e459a6d680c38c4d7d5abb762eeedbfa39c2a4de679ec9403442a365412d911e4dcf1630e83bfaf5
SSDEEP: 24576:V7HbEgxpCFOuBaiUsJH5+6U3JD/G8pjsyYNK6rdvOUEqcAK5Cvt3jUd17gnj:V7HbETQMCi46UZTiNK6rdDACVjKZy
Malware Config

Signatures

Suspicious use of WriteProcessMemory (3 IoCs)

Processes: rundll32.exe

description                          pid    process       target process
PID 1196 wrote to memory of 1200     1196   rundll32.exe  rundll32.exe
PID 1196 wrote to memory of 1200     1196   rundll32.exe  rundll32.exe
PID 1196 wrote to memory of 1200     1196   rundll32.exe  rundll32.exe
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\566ddc62429279dcecea983a6e86fd47b854e3ee09555e4cc023a2b7733a111d.dll,#1
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\566ddc62429279dcecea983a6e86fd47b854e3ee09555e4cc023a2b7733a111d.dll,#1
Network
MITRE ATT&CK Matrix
Downloads

memory/1200-132-0x0000000000000000-mapping.dmp
memory/1200-134-0x00000000027E0000-0x0000000002840000-memory.dmp    Filesize: 384KB
memory/1200-133-0x0000000000400000-0x000000000097F000-memory.dmp    Filesize: 5.5MB
memory/1200-135-0x0000000000400000-0x000000000097F000-memory.dmp    Filesize: 5.5MB