Analysis
-
max time kernel
82s -
max time network
86s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system -
submitted
22-02-2023 19:11
Behavioral task
behavioral1
Sample
55de61163c33698836202e9673351170f009cb4f775d69b1228d90cb6253276d.dll
Resource
win7-20230220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
55de61163c33698836202e9673351170f009cb4f775d69b1228d90cb6253276d.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
55de61163c33698836202e9673351170f009cb4f775d69b1228d90cb6253276d.dll
-
Size
456KB
-
MD5
c1dd73deb9bb1a1a934cb1041cc67da5
-
SHA1
c8db94abe4666e9a43fee425f7f7c9d8a4c9707f
-
SHA256
55de61163c33698836202e9673351170f009cb4f775d69b1228d90cb6253276d
-
SHA512
5ffde13769a7bf627fad89ab1022fbbe084727bd0db05daff1c13e77a0966333686c43591d11f9c1dbfd96e47cf111e0058a474d4b7e9b4df7d2fadcc684a6f6
-
SSDEEP
12288:wpqhAvKP9TNLB7S9RhC0S7EIyBh2d+sNQKkY5zopL:MRv4l7+R0V7vyH78hpW
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1192 wrote to memory of 764 | 1192 | rundll32.exe | rundll32.exe
PID 1192 wrote to memory of 764 | 1192 | rundll32.exe | rundll32.exe
PID 1192 wrote to memory of 764 | 1192 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55de61163c33698836202e9673351170f009cb4f775d69b1228d90cb6253276d.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55de61163c33698836202e9673351170f009cb4f775d69b1228d90cb6253276d.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/764-133-0x0000000000400000-0x000000000051C000-memory.dmp
Filesize
1.1MB