Analysis
- max time kernel: 83s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-03-2023 22:00
Behavioral task
behavioral1
Sample
bafdaab84e88bea5a7378236bb29f20d583f36a8d0c24c563cf93fc8935b67d0.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
bafdaab84e88bea5a7378236bb29f20d583f36a8d0c24c563cf93fc8935b67d0.dll
Resource
win10v2004-20230220-en
General
- Target: bafdaab84e88bea5a7378236bb29f20d583f36a8d0c24c563cf93fc8935b67d0.dll
- Size: 2.1MB
- MD5: a944c319f7383377cefe68709056c674
- SHA1: a31b7731fcf0df14401531c8295205a2d20c25e7
- SHA256: bafdaab84e88bea5a7378236bb29f20d583f36a8d0c24c563cf93fc8935b67d0
- SHA512: b8b81cf3bcf8a43cea3ee1f6f0e9fa4359fc2fa1b20c848b2ff1b1b7b288f299a722ef77cb7eea8cf9caf4e84208ed12d5fb965d1a3d77fc079d0cbed0bd0dc3
- SSDEEP: 49152:vqf/yWkEgFoSWNjt4Onwti9ipF41Ltz1VKGdirw9DSjcTiVAKQNMwN:if6XEgFSIpAtXKNjZQdN
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4592 wrote to memory of 4544 | 4592 | rundll32.exe | rundll32.exe
PID 4592 wrote to memory of 4544 | 4592 | rundll32.exe | rundll32.exe
PID 4592 wrote to memory of 4544 | 4592 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bafdaab84e88bea5a7378236bb29f20d583f36a8d0c24c563cf93fc8935b67d0.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bafdaab84e88bea5a7378236bb29f20d583f36a8d0c24c563cf93fc8935b67d0.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4544-133-0x0000000042200000-0x000000004284D000-memory.dmp
Filesize: 6.3MB