Analysis
- max time kernel: 123s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-04-2023 19:46
Behavioral task: behavioral1
- Sample: 6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa.dll
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa.dll
- Resource: win10v2004-20230220-en
General
- Target: 6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa.dll
- Size: 178KB
- MD5: a6388cb39600c65a4fc195e84fabae5f
- SHA1: 24fc54281c2b9267e28a4afc9881c875a6d603e1
- SHA256: 6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa
- SHA512: a3d804181cb8d1844aaa05e47b5129a11216d291a1285999ffae56f38c9d9a395e58d6358e2880b9320b593655fc3acfc5b331548d8c92826eed4eeedf6f3ef0
- SSDEEP: 3072:GP9mKdRX7jneMx6wkvAD2Uxh+K2V5z7I+eHrr1O2I+Nq20V623T5OhvvVK:D8awdD2Waz7vOQ2lOfTYhXE
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 4448 wrote to memory of 1536 | 4448 | rundll32.exe | rundll32.exe
  PID 4448 wrote to memory of 1536 | 4448 | rundll32.exe | rundll32.exe
  PID 4448 wrote to memory of 1536 | 4448 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5a4f40273d10698ee793e7d70b5bc49c88bee0c5ac956eee2f2d9d78aac6aa.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/1536-133-0x0000000000400000-0x000000000046E000-memory.dmp
  Filesize: 440KB