Analysis
max time kernel
70s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
submitted
24-02-2023 21:21
Behavioral task
behavioral1
Sample
0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60.dll
Resource
win7-20230220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60.dll
Resource
win10v2004-20230220-en
1 signatures
150 seconds
General
Target
0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60.dll
Size
694KB
MD5
7b6e1169db39c4c99b5fcd421a334982
SHA1
a46e9b23155378c0e833fa260a51e260287f1301
SHA256
0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60
SHA512
4ac15d1c5075749aa6023d5ff8d8a03395702c8c916b88c0257bacecfd4022efd4eeb36174c1fe346e89c0915f087370f79db6ecf38c235f00e193dc2bc8604d
SSDEEP
12288:N2dXDc/POpLx155e9TtCik58cF19CxWaByEdm+twzrQrw:C4up915w9TQ/N9TaBy+0r2w
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2092 wrote to memory of 844 | 2092 | rundll32.exe | rundll32.exe
PID 2092 wrote to memory of 844 | 2092 | rundll32.exe | rundll32.exe
PID 2092 wrote to memory of 844 | 2092 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d5da14a61dce9a4f600aaa953c32382f691ac977ded6ced1bfdb72a230e9d60.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
memory/844-133-0x0000000000400000-0x0000000000755000-memory.dmp
Filesize
3.3MB