Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 04/06/2023, 18:48
Behavioral task: behavioral1
- Sample: e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll
- Resource: win10v2004-20230220-en
General
- Target: e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll
- Size: 1.1MB
- MD5: 9525e5786e95d8805ae4d98a2f2e7ee4
- SHA1: 36c906e3d14a17eb3acb3715929baa5a01a62768
- SHA256: e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d
- SHA512: 39a6ede1e75f58136aad22d87b4caf7e32fbe0fc37778eeda9461a14364cc7f5809cf78faa6f9f908ad2bd2f971e5d6d5bdf8bf239697b56b3676b3c7bdffdfd
- SSDEEP: 24576:XCsQeoZ2Jpt6/yPllX/vZe/IlaJdjKT172O74RJugoSg1Iak:Xz6/ytp/xonJdE7R4RJugol1Iak
Malware Config
Signatures
- Blocklisted process makes network request (64 IoCs)
  flow  pid   Process
  2     2044  rundll32.exe
  4     2044  rundll32.exe
  6     2044  rundll32.exe
  7     2044  rundll32.exe
  8     2044  rundll32.exe
  9     2044  rundll32.exe
  10    2044  rundll32.exe
  11    2044  rundll32.exe
  12    2044  rundll32.exe
  13    2044  rundll32.exe
  14    2044  rundll32.exe
  15    2044  rundll32.exe
  16    2044  rundll32.exe
  17    2044  rundll32.exe
  19    2044  rundll32.exe
  20    2044  rundll32.exe
  21    2044  rundll32.exe
  22    2044  rundll32.exe
  23    2044  rundll32.exe
  24    2044  rundll32.exe
  25    2044  rundll32.exe
  26    2044  rundll32.exe
  27    2044  rundll32.exe
  28    2044  rundll32.exe
  29    2044  rundll32.exe
  30    2044  rundll32.exe
  31    2044  rundll32.exe
  32    2044  rundll32.exe
  33    2044  rundll32.exe
  34    2044  rundll32.exe
  35    2044  rundll32.exe
  36    2044  rundll32.exe
  37    2044  rundll32.exe
  38    2044  rundll32.exe
  39    2044  rundll32.exe
  40    2044  rundll32.exe
  41    2044  rundll32.exe
  42    2044  rundll32.exe
  43    2044  rundll32.exe
  44    2044  rundll32.exe
  45    2044  rundll32.exe
  46    2044  rundll32.exe
  47    2044  rundll32.exe
  48    2044  rundll32.exe
  49    2044  rundll32.exe
  50    2044  rundll32.exe
  51    2044  rundll32.exe
  52    2044  rundll32.exe
  53    2044  rundll32.exe
  54    2044  rundll32.exe
  55    2044  rundll32.exe
  56    2044  rundll32.exe
  57    2044  rundll32.exe
  58    2044  rundll32.exe
  59    2044  rundll32.exe
  60    2044  rundll32.exe
  61    2044  rundll32.exe
  62    2044  rundll32.exe
  63    2044  rundll32.exe
  64    2044  rundll32.exe
  65    2044  rundll32.exe
  66    2044  rundll32.exe
  67    2044  rundll32.exe
  68    2044  rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   Process       procid_target
  PID 2032 wrote to memory of 2044  2032  rundll32.exe  28
  PID 2032 wrote to memory of 2044  2032  rundll32.exe  28
  PID 2032 wrote to memory of 2044  2032  rundll32.exe  28
  PID 2032 wrote to memory of 2044  2032  rundll32.exe  28
  PID 2032 wrote to memory of 2044  2032  rundll32.exe  28
  PID 2032 wrote to memory of 2044  2032  rundll32.exe  28
  PID 2032 wrote to memory of 2044  2032  rundll32.exe  28
Processes
- C:\Windows\system32\rundll32.exe (PID: 2032)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 2044)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll,#1
    Signatures: Blocklisted process makes network request
-
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCNSQOTT\MRP41FSB.htm
  Filesize: 377KB
  MD5: fb20a7a622cb5652d1cfc0c81dcc3e49
  SHA1: 6ee9b2fd5fd5b79e6e817dc53c88ca0b8ee6bc8a
  SHA256: 67ce2c571be0e185072ca55ccad8394099e8c6b2716bc1c6090363558ddf5c19
  SHA512: 6018f9db799d1aefc3547ac0f20885facf4a43635d9366da347d9f517f8b6eb1f5eac21b0a981e64a356a380c2ae6bfbfafc24cbfd903aac0411f4c10f682f3b