Analysis
- max time kernel: 32s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 24-03-2023 10:28
Behavioral task: behavioral1
- Sample: 409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll
- Resource: win10v2004-20230220-en
General
- Target: 409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll
- Size: 3.2MB
- MD5: 04b4e9aab7720236309970a5fb118daf
- SHA1: 8a59571601d254c983bb91ac32f9665ed9528af2
- SHA256: 409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735
- SHA512: cb3680f41ef37cb8b11dd64fde1562e8e5fccd35f5033ea5b6abc30f4e7ceabe37d6e20feb7015eaed0f18e00edbb8631b72cd5494b3723b6971aca0638003ea
- SSDEEP: 98304:Ov170f+VDHfEIgyIJZzOL8eUN4eFMWH0cNti:Ov170cHcIEZKL04iMKVNc
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description                          | pid  | process      | target process
  PID 1308 wrote to memory of 1732     | 1308 | rundll32.exe | rundll32.exe
  PID 1308 wrote to memory of 1732     | 1308 | rundll32.exe | rundll32.exe
  PID 1308 wrote to memory of 1732     | 1308 | rundll32.exe | rundll32.exe
  PID 1308 wrote to memory of 1732     | 1308 | rundll32.exe | rundll32.exe
  PID 1308 wrote to memory of 1732     | 1308 | rundll32.exe | rundll32.exe
  PID 1308 wrote to memory of 1732     | 1308 | rundll32.exe | rundll32.exe
  PID 1308 wrote to memory of 1732     | 1308 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\409e4fe7063faf7674eb05e5f691c856cd8c9818c22869dd8aec43e563557735.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/1732-54-0x00000000021C0000-0x0000000002F03000-memory.dmp (Filesize: 13.3MB)
- memory/1732-55-0x00000000021C0000-0x0000000002F03000-memory.dmp (Filesize: 13.3MB)
- memory/1732-56-0x00000000021C0000-0x0000000002F03000-memory.dmp (Filesize: 13.3MB)
- memory/1732-57-0x00000000021C0000-0x0000000002F03000-memory.dmp (Filesize: 13.3MB)