695e7e6b183b7b57c8b7113cb2d771a44e33d8d8158b2c74bbd9e71ddb860699 | Triage

Analysis

max time kernel
165s
max time network
180s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
28-02-2023 01:51

Sharing

Report Analysis Logs

General

Target

Nmzquuiantsnzvtelvd.dll
Size

2.4MB
MD5

10f35d34423fc1e5da07799c25be8861
SHA1

dc160b11e3e5bd56a7f787f96f900c65c37b24f0
SHA256

695e7e6b183b7b57c8b7113cb2d771a44e33d8d8158b2c74bbd9e71ddb860699
SHA512

3190423d0871c2b5ca1c1d14c9b5290476d3c498ec574d0b7d15c41a889f3a7f872fd44129b31585ec21ccf9305f9905a6b94d3d95cca8428bec95eee37785ce
SSDEEP

49152:gmRA663TbtnUrttILB5QqzK7QjcfJg/pQjF:oTbtnIteTzjcfu/O5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 3044	2308	cmd.exe	70
PID 2308 wrote to memory of 3044	2308	cmd.exe	70
PID 2308 wrote to memory of 1220	2308	cmd.exe	71
PID 2308 wrote to memory of 1220	2308	cmd.exe	71

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Nmzquuiantsnzvtelvd.dll,#1
1⤵
PID:2804

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\system32\regsvr32.exe
  regsvr32 Nmzquuiantsnzvtelvd.dll
  2⤵
  PID:3044
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s Nmzquuiantsnzvtelvd.dll
  2⤵
  PID:1220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads