Analysis
-
max time kernel
90s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system -
submitted
29-05-2023 07:32
Behavioral task
behavioral1
Sample
accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll
Resource
win10v2004-20230220-en
General
-
Target
accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll
-
Size
64KB
-
MD5
ad1da0b33566db82b94231693ebe714d
-
SHA1
b2bd6ac63261fdf9f56ac04ffd915890107392b2
-
SHA256
accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce
-
SHA512
1c92141b7922c249d48919cea48eb04b21a764674bc0385698d5c8bbd580278bb6cc845f2e0649f6a12a3d87cdc75ef9d340ce88cf5e612a669527343ac9a4d1
-
SSDEEP
768:2WH8osl87UHo76MX6G//NpDmqDwBPcD0umk5RMwsGjxYv7fzv9SSI:F8Rl87IMXfKM0o5RMwsRY
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4784 wrote to memory of 1844 | 4784 | rundll32.exe | rundll32.exe
PID 4784 wrote to memory of 1844 | 4784 | rundll32.exe | rundll32.exe
PID 4784 wrote to memory of 1844 | 4784 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1844-133-0x0000000000400000-0x000000000042A000-memory.dmp
Filesize
168KB