Analysis
max time kernel: 57s
max time network: 74s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-02-2023 20:27
Behavioral task behavioral1
Sample: bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll
Resource: win7-20230220-en
Behavioral task behavioral2
Sample: bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll
Resource: win10v2004-20230220-en
General
Target: bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll
Size: 250KB
MD5: de1aa0eeff2da9649100cf7e8894661f
SHA1: 194bfa7bac645fd24b57bbfad5301d753284fe6b
SHA256: bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52
SHA512: b30e15f604c41762400d22e5fa82569262c5fbb2ebde0798edf5c9cc8099bf2bef364e9cf7df2d23357d67d29a08682468c98e8b0edec0471a6db467f0e3a72f
SSDEEP: 3072:V48RYjKFLNBv49yG66ziHls1ZHH5SBWOIinKXkltbQ52HnIqjnEva4JBW+25F:EORl49yxwkKtZSk2/tbQ5rqkej
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description                      pid   process       target process
PID 4040 wrote to memory of 900  4040  rundll32.exe  rundll32.exe
PID 4040 wrote to memory of 900  4040  rundll32.exe  rundll32.exe
PID 4040 wrote to memory of 900  4040  rundll32.exe  rundll32.exe

All three writes go from the 64-bit rundll32.exe (PID 4040, C:\Windows\system32) into the 32-bit rundll32.exe it spawned (PID 900, C:\Windows\SysWOW64) with the same command line, and the resource tags list arch:x86. That is consistent with the WoW64 hand-off the System32 rundll32 performs when given an x86 DLL, not with injection into an unrelated process; a write from 4040 into any process other than that child would be the signal to chase.
Processes
1. C:\Windows\system32\rundll32.exe (PID 4040)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll,#1
   (#1 calls the DLL's export ordinal 1; the DLL is loaded from the user's Temp directory)
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 900), child of 1
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll,#1
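The two observations in this report that a detection engineer would want to encode are the rundll32 command line (a DLL loaded from the user's Temp directory by export ordinal) and the WriteProcessMemory signature (a System32 rundll32 writing into the SysWOW64 rundll32 it spawned with identical arguments, i.e. the WoW64 hand-off for an x86 DLL rather than injection into an unrelated process). The Python below is an added example, not sandbox output and not code from the sample; its events are constructed from the process tree above, the explorer.exe parent (PID 1000) and the extra write into PID 1000 are assumptions added to exercise the non-hand-off branch, and the list of user-writable directories is the editor's own choice.

```python
"""Triage helpers for the rundll32 activity in this report.

Added example, not sandbox output: the events below are constructed to
mirror the report's process tree and WriteProcessMemory signature.
"""
import re
from typing import Dict, List, Optional, Tuple

SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll")

# (pid, parent_pid, image_path, command_line).  PIDs 4040/900, the image
# paths and the command lines come from the report; PID 1000 (explorer.exe)
# as the launching parent is an assumption.
PROCESS_EVENTS = [
    (1000, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    (4040, 1000, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
    (900, 4040, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
]

# (source_pid, target_pid): the report's three 4040 -> 900 writes plus one
# hypothetical write into an unrelated process to exercise the other branch.
WPM_EVENTS = [(4040, 900), (4040, 900), (4040, 900), (4040, 1000)]

# Directories a standard user can write to (editor's list, lower-case, with
# surrounding backslashes so "\\temp\\" does not match "\\templates\\").
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\",
    "\\programdata\\", "\\windows\\temp\\",
)

# rundll32 image (optionally quoted and/or with a path) followed by the
# "<dll>,<entry>" argument, which may itself be quoted if the path has spaces.
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[^"\s]*[\\/])?rundll32(?:\.exe)?"?\s+("[^"]+"|\S+)', re.IGNORECASE)


def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str]]:
    """Split a rundll32 command line into (dll_path, entry_point).

    rundll32 separates the DLL from its entry point at the last comma;
    an entry of '#N' means export ordinal N.  Returns None for other lines.
    """
    m = RUNDLL32_RE.match(cmdline)
    if not m:
        return None
    target = m.group(1).strip('"')
    dll, sep, entry = target.rpartition(",")
    return (dll, entry) if sep else (target, "")


def rundll32_findings(cmdline: str) -> List[str]:
    """Detection logic for one command line: DLL loaded from a user-writable
    directory and/or export called by ordinal (both present in this report)."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return []
    dll, entry = parsed
    findings: List[str] = []
    if any(d in dll.lower() for d in USER_WRITABLE_DIRS):
        findings.append("dll_in_user_writable_dir")
    if re.fullmatch(r"#\d+", entry):
        findings.append("export_called_by_ordinal")
    return findings


def classify_writes(process_events, wpm_events) -> Dict[Tuple[int, int], Tuple[str, int]]:
    """Label each (source, target) WriteProcessMemory pair and count it.

    A System32 rundll32 writing into the SysWOW64 rundll32 child it created
    with the same DLL/entry is the WoW64 hand-off for an x86 DLL; any other
    pair is reported as a cross-process write that deserves a closer look.
    """
    image = {pid: img for pid, _, img, _ in process_events}
    cmd = {pid: c for pid, _, _, c in process_events}
    parent = {pid: ppid for pid, ppid, _, _ in process_events}
    counts: Dict[Tuple[int, int], int] = {}
    for src, dst in wpm_events:
        counts[(src, dst)] = counts.get((src, dst), 0) + 1
    result: Dict[Tuple[int, int], Tuple[str, int]] = {}
    for (src, dst), n in counts.items():
        handoff = (
            image[src].lower().endswith(r"\system32\rundll32.exe")
            and image[dst].lower().endswith(r"\syswow64\rundll32.exe")
            and parent.get(dst) == src
            and parse_rundll32(cmd[src]) == parse_rundll32(cmd[dst])
        )
        result[(src, dst)] = ("wow64_handoff" if handoff else "cross_process_write", n)
    return result


if __name__ == "__main__":
    for pid, _, img, c in PROCESS_EVENTS:
        print(pid, img, rundll32_findings(c))
    for pair, verdict in classify_writes(PROCESS_EVENTS, WPM_EVENTS).items():
        print(pair, verdict)
```

Run against the constructed events, PID 4040 and PID 900 both raise `dll_in_user_writable_dir` and `export_called_by_ordinal`, the three 4040 -> 900 writes collapse to a single `wow64_handoff` verdict, and only the hypothetical 4040 -> 1000 write is left as a `cross_process_write`; feeding real Sysmon event 1 (process create) and event 8/10-style records into the same two functions is a matter of mapping the fields.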
Network
MITRE ATT&CK Matrix
Downloads
memory/900-133-0x0000000000400000-0x0000000000542000-memory.dmp (Filesize: 1.3MB; memory region 0x400000-0x542000 of PID 900)