Overview

overview

7

Static

static

7

64813f8320...e1.dll

windows7-x64

1

64813f8320...e1.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    36s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    17-02-2023 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64813f8320778ec94c8624becc3ab6f2afdf72f00519a6d0347d59b02797bfe1.dll

  • Size

    1.6MB

  • MD5

    e8947f2541dc72314fb0c68dc65c06c0

  • SHA1

    7928e7d53940f8235d1f96869df715f3725dbd4f

  • SHA256

    64813f8320778ec94c8624becc3ab6f2afdf72f00519a6d0347d59b02797bfe1

  • SHA512

    0973c1fbc9a289d99cce7e127a06cd88e9a68569e3250502d578db5ea645d23277047e16945f12e9ea4e34b60deffcacdb864feecc8b4338c67b6c51a60c42b7

  • SSDEEP

    24576:9tpPh1D2KaKCVDOyAgS/W50M71huyEFnYGFmS1Y3lEOd7xdGQ8RyV9Bly:ph1DYFzAq6M7rMFYy03lE6z8CK

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\64813f8320778ec94c8624becc3ab6f2afdf72f00519a6d0347d59b02797bfe1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\64813f8320778ec94c8624becc3ab6f2afdf72f00519a6d0347d59b02797bfe1.dll,#1
      2⤵
        PID:1488

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1488-54-0x0000000000000000-mapping.dmp

      Download

    • memory/1488-55-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1488-56-0x0000000001DB0000-0x000000000231D000-memory.dmp

      Filesize

      5.4MB

      Download

    • memory/1488-57-0x0000000001DB0000-0x000000000231D000-memory.dmp

      Filesize

      5.4MB

      Download

    • memory/1488-58-0x0000000001DB0000-0x000000000231D000-memory.dmp

      Filesize

      5.4MB

      Download