Analysis
max time kernel: 91s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-04-2023 18:55
Behavioral task: behavioral1
Sample: 5fd45dad8abbc7589e2bd19543b69531f5c7cf8959968386bd953231672c32d5.dll
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 5fd45dad8abbc7589e2bd19543b69531f5c7cf8959968386bd953231672c32d5.dll
Resource: win10v2004-20230220-en
General
Target: 5fd45dad8abbc7589e2bd19543b69531f5c7cf8959968386bd953231672c32d5.dll
Size: 149KB
MD5: 6b56ccb64946e9de7fcb1c056ff2f9fb
SHA1: 35606b9e56aeb1f28f1c9959031ff60c097442ce
SHA256: 5fd45dad8abbc7589e2bd19543b69531f5c7cf8959968386bd953231672c32d5
SHA512: c73545c2fcb1dc05f5294943356ed7d2844405dd20c7d4088651e8e6e925f181cee3e61a39c657024da06592f93f58fd757ba8d5698e2eff851be35d95f53e43
SSDEEP: 3072:SohrbMz/a9kj5O9GgbPikuBj1YRq1xLf/5nLkM9eSF7MqkSsKmdSN6:1bMz/a9k1O9XPk1YRGf/5nLF9eSHsKmz
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2152 wrote to memory of 3100 | 2152 | rundll32.exe | rundll32.exe |
| PID 2152 wrote to memory of 3100 | 2152 | rundll32.exe | rundll32.exe |
| PID 2152 wrote to memory of 3100 | 2152 | rundll32.exe | rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fd45dad8abbc7589e2bd19543b69531f5c7cf8959968386bd953231672c32d5.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID: 2152
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fd45dad8abbc7589e2bd19543b69531f5c7cf8959968386bd953231672c32d5.dll,#12⤵
PID: 3100
Network
MITRE ATT&CK Matrix
Downloads
memory/3100-133-0x0000000000400000-0x000000000046D000-memory.dmp
Filesize: 436KB