Analysis
-
max time kernel
69s -
max time network
78s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
09-05-2023 16:30
General
-
Target
44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466.dll
-
Size
13KB
-
MD5
25a370c5900d725fbc40518c41723a31
-
SHA1
ec964c63f84e019da9f3e93dd299a69e89fbcfb5
-
SHA256
44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466
-
SHA512
fb32d8ddac17adbb9eedb06ef46fd1bf7cbd72222b23c813175e9e4b7906752bb13edb2eb1534b0ddf2ec46e002c2908ea7136246dff6d5b89648b2a179f68e4
-
SSDEEP
192:UHlyEnTXZ1eMLfEYzHfdgyVQ0PQ+t4XbLVOOG9bBytrP0:sl/TXZ0MQYzHfdgyy0/8bUOG9b8P
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
-
Modifies registry class 1 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466.dll,#12⤵
- Blocklisted process makes network request
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\44d370f942987d9128b412435dbc50a22566c8fdce819d84568c4c1606c3e466.dll2⤵
- Opens file in notepad (likely ransom note)