Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
19-02-2023 04:47
General
-
Target
35d1192113012fecf7b0e908a4f923941c4f529175dbb690ce6ec4adfea6bea9.dll
-
Size
437KB
-
MD5
601d1a8fd2efd5d524c36fddca3f64af
-
SHA1
96ef20d9e6b79c873fe367976b362f57c5feab4a
-
SHA256
35d1192113012fecf7b0e908a4f923941c4f529175dbb690ce6ec4adfea6bea9
-
SHA512
a1af010d193f1c82941005d47bf4a55d9b961e18ace062c4206a94cb60e1e3f15afb23df95afef2675a9d3835737004204485bf171c90c5d16a93ed8f7bd0f67
-
SSDEEP
6144:5oNPAqviXmC/r2ck6YaCBdX26Nu2NwA97YSOiWOpkTcc/y8rsGVaMZVk4CgOLPDo:6JSrynaCBQgF90cWVgPGVaM7HjOTM
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\35d1192113012fecf7b0e908a4f923941c4f529175dbb690ce6ec4adfea6bea9.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\35d1192113012fecf7b0e908a4f923941c4f529175dbb690ce6ec4adfea6bea9.dll,#12⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1712-54-0x0000000000000000-mapping.dmp
-
memory/1712-55-0x0000000075591000-0x0000000075593000-memory.dmpFilesize
8KB
-
memory/1712-57-0x0000000010000000-0x000000001011C000-memory.dmpFilesize
1.1MB
-
memory/1712-56-0x0000000010000000-0x000000001011C000-memory.dmpFilesize
1.1MB
-
memory/1712-58-0x0000000010000000-0x000000001011C000-memory.dmpFilesize
1.1MB
-
memory/1712-59-0x0000000010000000-0x000000001011C000-memory.dmpFilesize
1.1MB
-
memory/1712-60-0x0000000010000000-0x000000001011C000-memory.dmpFilesize
1.1MB