Analysis
-
max time kernel
81s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system -
submitted
22-02-2023 19:11
Behavioral task
behavioral1
Sample
80511dfd999f43187d6dd47ac037ac3c7b81ecb33995dbceff2b1da9aacbcd4c.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
80511dfd999f43187d6dd47ac037ac3c7b81ecb33995dbceff2b1da9aacbcd4c.dll
Resource
win10v2004-20230220-en
General
-
Target
80511dfd999f43187d6dd47ac037ac3c7b81ecb33995dbceff2b1da9aacbcd4c.dll
-
Size
868KB
-
MD5
2dfdb447373f9026e0d5d0c58d82b217
-
SHA1
c5080f4913b1dcc47e19b1117b0340ebe0d03f7f
-
SHA256
80511dfd999f43187d6dd47ac037ac3c7b81ecb33995dbceff2b1da9aacbcd4c
-
SHA512
ea13ccd7ca1614c945d93313b589d007b71b80b219cfe2ac269426c7851e00cba0d3eace0d5d8fd7af6651dfbe83d2d1b06d1a9f87a87fe0c12e988d6b71b413
-
SSDEEP
12288:3438zRB4ozbn6walpv/YkhJ9Sa30p+1XV3LMNHCtHfAItXctAR0iCJE3mki7jigR:oORZzGpjDhaakoJJxdtXcWHIY4O/SV
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4580 wrote to memory of 5112 | 4580 | rundll32.exe | rundll32.exe
PID 4580 wrote to memory of 5112 | 4580 | rundll32.exe | rundll32.exe
PID 4580 wrote to memory of 5112 | 4580 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80511dfd999f43187d6dd47ac037ac3c7b81ecb33995dbceff2b1da9aacbcd4c.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80511dfd999f43187d6dd47ac037ac3c7b81ecb33995dbceff2b1da9aacbcd4c.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/5112-133-0x0000000000400000-0x0000000000676000-memory.dmp
Filesize
2.5MB