Analysis
- max time kernel: 28s
- max time network: 30s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 21-02-2023 20:27
Behavioral task: behavioral1
- Sample: bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll
- Resource: win10v2004-20230220-en
General
- Target: bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll
- Size: 250KB
- MD5: de1aa0eeff2da9649100cf7e8894661f
- SHA1: 194bfa7bac645fd24b57bbfad5301d753284fe6b
- SHA256: bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52
- SHA512: b30e15f604c41762400d22e5fa82569262c5fbb2ebde0798edf5c9cc8099bf2bef364e9cf7df2d23357d67d29a08682468c98e8b0edec0471a6db467f0e3a72f
- SSDEEP: 3072:V48RYjKFLNBv49yG66ziHls1ZHH5SBWOIinKXkltbQ52HnIqjnEva4JBW+25F:EORl49yxwkKtZSk2/tbQ5rqkej
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description | pid | process | target process
PID 2008 wrote to memory of 2020 | 2008 | rundll32.exe | rundll32.exe
(the same entry is recorded 7 times)
Processes
- 1. C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
- 2. C:\Windows\SysWOW64\rundll32.exe (child of process 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/2020-54-0x0000000000880000-0x00000000009C2000-memory.dmp (Filesize: 1.3MB)