Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted: 01-04-2023 18:58
Behavioral task: behavioral1
Sample: a8fb9f7d30af3997b364fb7d8eca51dede5ea390f0af17edee318c9de6bcea28.dll
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: a8fb9f7d30af3997b364fb7d8eca51dede5ea390f0af17edee318c9de6bcea28.dll
Resource: win10v2004-20230220-en
General
Target: a8fb9f7d30af3997b364fb7d8eca51dede5ea390f0af17edee318c9de6bcea28.dll
Size: 226KB
MD5: ac7815cf165d1a233ce143b175de1c25
SHA1: 896273c8434350bdccb88d559b877b2929a6a06f
SHA256: a8fb9f7d30af3997b364fb7d8eca51dede5ea390f0af17edee318c9de6bcea28
SHA512: 3a93927201b9bd17870cf5719e2aee71157f414f6f682b989f8f2be000ccb1b29c215f3a42d3a769a948760496615a8dd2e57dc362f89f974a4f6009e3edbb3a
SSDEEP: 3072:gH6AhWDMFXdso/72cB2ADR9EeJhGShp5GnceGvQWo5YEW+C1MRqVNNxgNqxH8AMq:XIn/7SGYSqceQo6n+6MRoNNUZU213s
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                        pid    process        target process
PID 856 wrote to memory of 1236    856    rundll32.exe   rundll32.exe
(the report lists this same row 7 times, i.e. seven writes from PID 856 into PID 1236)
All seven writes go from the 64-bit C:\Windows\system32\rundll32.exe (PID 856) into the C:\Windows\SysWOW64\rundll32.exe child it spawned (PID 1236; see the process tree below). Writes from a parent into a process it has just created are part of normal process start-up on Windows, so on its own this signature is weak evidence; it becomes significant when the target was not spawned by the writer.
Processes
C:\Windows\system32\rundll32.exe  (PID 856, level 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8fb9f7d30af3997b364fb7d8eca51dede5ea390f0af17edee318c9de6bcea28.dll,#1
  signature: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe  (PID 1236, level 2)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8fb9f7d30af3997b364fb7d8eca51dede5ea390f0af17edee318c9de6bcea28.dll,#1
The ",#1" argument tells rundll32 to call export ordinal 1 of the DLL. The 64-bit rundll32.exe in system32 cannot load a 32-bit DLL, so it re-launches the 32-bit copy from SysWOW64 with the same arguments; the sample's code therefore runs in PID 1236, which is also the process the memory dump under Downloads was taken from.
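As an added example (not part of the Tria.ge report or of the sample), the following Python script parses the flattened "PID X wrote to memory of Y" rows and the rundll32 command lines from this report, collapses the seven duplicate rows into one writer->target edge, records the bitness change (system32 = x64, SysWOW64 = x86), and rates each edge. The parent/child relation is taken from the tree depth above, since the report does not print parent PIDs. To show the contrasting case it goes beyond the report: an eighth IoC row with target PID 1400 (explorer.exe) is constructed and is not in the report. The low/high rating rule is my triage heuristic, not a Tria.ge rule.

```python
import re
from collections import Counter

# Constructed from the report above. The parent of PID 1236 is inferred from the
# tree depth (level 2 under PID 856); the report does not print parent PIDs.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\a8fb9f7d30af3997b364fb7d8eca51dede5ea390f0af17edee318c9de6bcea28.dll")
PROCESSES = {
    856:  {"parent": None, "image": r"C:\Windows\system32\rundll32.exe",
           "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    1236: {"parent": 856,  "image": r"C:\Windows\SysWOW64\rundll32.exe",
           "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
}

# The seven identical signature rows in the shape the report flattens them to, plus
# one constructed row (NOT in the report) whose target the writer did not spawn.
IOC_ROWS = ["PID 856 wrote to memory of 1236 856 rundll32.exe rundll32.exe"] * 7 + [
    "PID 856 wrote to memory of 1400 856 rundll32.exe explorer.exe",   # constructed
]

IOC_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(.+?),(\S+)$", re.IGNORECASE)


def parse_rundll32_cmdline(cmdline):
    """Split 'rundll32.exe <dll>,<entry>' into the DLL path and the entry point.
    An entry of the form '#N' selects export ordinal N; anything else is an export name."""
    m = RUNDLL_RE.match(cmdline.strip())
    if not m:
        return None
    dll, entry = m.groups()
    ordinal = int(entry[1:]) if entry.startswith("#") and entry[1:].isdigit() else None
    return {"dll": dll, "entry": entry, "ordinal": ordinal}


def image_arch(image):
    """Bitness of a process on a 64-bit host, judged from the system directory it runs from."""
    low = image.lower()
    if "\\syswow64\\" in low:
        return "x86"
    if "\\system32\\" in low:
        return "x64"
    return "unknown"


def score_writes(rows, processes):
    """Collapse duplicate IoC rows into writer->target edges and rate each edge.
    Heuristic (mine, not Tria.ge's): a write into a process the writer itself spawned
    happens during normal process start-up and is rated low; a write into any other
    process is a process-injection candidate and is rated high."""
    edges = Counter()
    for row in rows:
        m = IOC_RE.match(row.strip())
        if not m:
            continue  # skip rows that are not in the 'wrote to memory of' shape
        writer, target, _pid_again, writer_img, target_img = m.groups()
        edges[(int(writer), int(target), writer_img, target_img)] += 1

    findings = []
    for (writer, target, writer_img, target_img), count in sorted(edges.items()):
        w_img = processes.get(writer, {}).get("image", "")
        t_img = processes.get(target, {}).get("image", "")
        spawned_by_writer = processes.get(target, {}).get("parent") == writer
        findings.append({
            "writer": writer, "target": target, "count": count,
            "writer_image": writer_img, "target_image": target_img,
            "arch": f"{image_arch(w_img)}->{image_arch(t_img)}",
            "severity": "low" if spawned_by_writer else "high",
            "reason": ("target is the writer's own child (start-up writes are expected)"
                       if spawned_by_writer else
                       "target was not spawned by the writer (injection candidate)"),
        })
    return findings


if __name__ == "__main__":
    for pid, proc in PROCESSES.items():
        print(pid, image_arch(proc["image"]), parse_rundll32_cmdline(proc["cmdline"]))
    for f in score_writes(IOC_ROWS, PROCESSES):
        print(f"[{f['severity']}] {f['writer']} -> {f['target']} x{f['count']} "
              f"({f['arch']}): {f['reason']}")
```

Run as-is it reports the report's real edge (856 -> 1236, seven writes, x64->x86) as low and the constructed 856 -> 1400 edge as high. To apply it to another report, paste that report's "wrote to memory of" rows into IOC_ROWS and fill PROCESSES from its process tree.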
Network
MITRE ATT&CK Matrix
Downloads
memory/1236-54-0x00000000006A0000-0x0000000000740000-memory.dmp  (Filesize 640KB)
This is a dump of the 0x006A0000-0x00740000 region (0xA0000 bytes = 640KB) of PID 1236, the SysWOW64 rundll32.exe that actually loaded the DLL, so it is the artifact to start from when looking for the code that ran.