Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 16-02-2023 21:19
Behavioral task
behavioral1
Sample
50b66de4364913f7f06991416b1501ced8e0dedb3ae684e62490dc984036a646.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
50b66de4364913f7f06991416b1501ced8e0dedb3ae684e62490dc984036a646.dll
Resource
win10v2004-20220812-en
General
-
Target
50b66de4364913f7f06991416b1501ced8e0dedb3ae684e62490dc984036a646.dll
-
Size
712KB
-
MD5
c0098332e9f89574931d93717f1081f2
-
SHA1
29867bfe6a8a66f5a576b3217c18e53fff27737f
-
SHA256
50b66de4364913f7f06991416b1501ced8e0dedb3ae684e62490dc984036a646
-
SHA512
aaee0af0e0382033c364857b8e7f44b09eed1b9849029236654106caeaf01ffc19a40270214851fbcc366239bacde508e69f4c1930991e6867552cae5300a39f
-
SSDEEP
12288:4mZyvwDCBT8jCukuWm8yrAZ6DKGIBe9Be4dfSpHYD9YNbY:4JDkkuEX6DUBe9Btd6puYNbY
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 944 wrote to memory of 1724 | 944 | rundll32.exe | rundll32.exe
PID 944 wrote to memory of 1724 | 944 | rundll32.exe | rundll32.exe
PID 944 wrote to memory of 1724 | 944 | rundll32.exe | rundll32.exe
PID 944 wrote to memory of 1724 | 944 | rundll32.exe | rundll32.exe
PID 944 wrote to memory of 1724 | 944 | rundll32.exe | rundll32.exe
PID 944 wrote to memory of 1724 | 944 | rundll32.exe | rundll32.exe
PID 944 wrote to memory of 1724 | 944 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50b66de4364913f7f06991416b1501ced8e0dedb3ae684e62490dc984036a646.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50b66de4364913f7f06991416b1501ced8e0dedb3ae684e62490dc984036a646.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1724-54-0x0000000000000000-mapping.dmp
-
memory/1724-55-0x0000000075491000-0x0000000075493000-memory.dmp
Filesize: 8KB
-
memory/1724-56-0x0000000002050000-0x0000000002241000-memory.dmp
Filesize: 1.9MB
-
memory/1724-57-0x0000000002050000-0x0000000002241000-memory.dmp
Filesize: 1.9MB