Analysis
- max time kernel: 135s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-05-2023 02:41
Behavioral task
behavioral1
Sample
8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll
Resource
win10v2004-20230220-en
General
- Target: 8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll
- Size: 105KB
- MD5: fe9c8e7f7ce274b5096a81ad2dfccc15
- SHA1: 0a5b892c907413300a8f249bfba51624f2552b16
- SHA256: 8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573
- SHA512: 7a01ec7d754c5b2a9e5e7bd7fa0340237d2498b8d903d12c6718ff7271a2916c9f740b5c408f387f1b809596bf9e545ec8b051479b7f4f882192812b8f6b3ef9
- SSDEEP: 1536:S8IyWVObZzMIOP8GVRigfij7ZdFeePAhhnMcKWSb4lWy3VoY:S8IyYObxROP8GVkgfiPZrLPGnMcwubF
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 4628 wrote to memory of 1640 | 4628 | rundll32.exe | rundll32.exe
  PID 4628 wrote to memory of 1640 | 4628 | rundll32.exe | rundll32.exe
  PID 4628 wrote to memory of 1640 | 4628 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8eb38b3efc454687b598ce36d27a6ce231e8f420882a17a2de7f01cac48df573.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/1640-133-0x0000000000400000-0x0000000000475000-memory.dmp
  Filesize: 468KB