Analysis
max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags
arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted
04/06/2023, 18:48
Behavioral task
behavioral1
Sample
e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll
Resource
win10v2004-20230220-en
General
Target
e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll
Size
1.1MB
MD5
9525e5786e95d8805ae4d98a2f2e7ee4
SHA1
36c906e3d14a17eb3acb3715929baa5a01a62768
SHA256
e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d
SHA512
39a6ede1e75f58136aad22d87b4caf7e32fbe0fc37778eeda9461a14364cc7f5809cf78faa6f9f908ad2bd2f971e5d6d5bdf8bf239697b56b3676b3c7bdffdfd
SSDEEP
24576:XCsQeoZ2Jpt6/yPllX/vZe/IlaJdjKT172O74RJugoSg1Iak:Xz6/ytp/xonJdE7R4RJugol1Iak
Malware Config
Signatures
Blocklisted process makes network request (64 IoCs)
All 64 flows originate from pid 2396, rundll32.exe. Flow IDs: 22 23 25 26 30 31 32 33 35 36 37 38 41 43 46 47 52 53 60 61 64 65 66 67 71 72 74 75 81 82 83 84 85 86 87 88 89 90 91 92 95 96 97 98 102 103 104 105 106 107 109 110 111 112 113 114 115 116 119 120 122 123 124 125
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process       procid_target
PID 2708 wrote to memory of 2396   2708  rundll32.exe  83
PID 2708 wrote to memory of 2396   2708  rundll32.exe  83
PID 2708 wrote to memory of 2396   2708  rundll32.exe  83
Processes
C:\Windows\system32\rundll32.exe (PID 2708)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll,#1
  Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe (PID 2396)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll,#1
      Blocklisted process makes network request
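The process tree above is the pattern a detection engineer would want to alert on: rundll32.exe invoked with a DLL sitting in a user's AppData\Local\Temp directory and an export given by ordinal (",#1"), followed by the 64-bit C:\Windows\system32\rundll32.exe spawning its 32-bit C:\Windows\SysWOW64\rundll32.exe counterpart for the same DLL (what rundll32 does when handed a 32-bit module). The following Python is an added example, not part of the sandbox report or the sample; it runs three such rules over constructed process-creation events. The two rundll32 rows mirror the report's Processes section, while the explorer.exe launcher (PID 1000), the benign shell32.dll row and the rule names are assumptions made for the example.

```python
"""Detection rules for the rundll32 pattern in the report: DLL loaded from a
user Temp directory, export given by ordinal, and the x64 rundll32.exe
re-spawning the SysWOW64 rundll32.exe for the same DLL.

Events are constructed for this example (launcher PID, benign rows assumed).
"""
import re
from dataclasses import dataclass

# rundll32 <dll>,<export>  where <export> is a name or an ordinal like #1
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+(?P<dll>"[^"]+"|[^\s,]+)\s*,\s*(?P<export>#\d+|[A-Za-z_]\w*)',
    re.IGNORECASE,
)
USER_TEMP_RE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)
SYS32_RUNDLL_RE = re.compile(r"\\windows\\system32\\rundll32\.exe$", re.IGNORECASE)
WOW64_RUNDLL_RE = re.compile(r"\\windows\\syswow64\\rundll32\.exe$", re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (what Sysmon event 1 / 4688 would give)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def parse_rundll32(cmdline):
    """Return (dll_path, export) for a rundll32 command line, else None."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        return None
    return m.group("dll").strip('"'), m.group("export")


def evaluate(events):
    """Apply the three rules; return sorted (pid, rule_name) findings."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parsed = parse_rundll32(e.cmdline)
        if parsed is None:
            continue
        dll, export = parsed
        # Rule 1: module loaded from a user-writable Temp directory
        if USER_TEMP_RE.search(dll):
            findings.append((e.pid, "rundll32_dll_from_user_temp"))
        # Rule 2: export referenced by ordinal rather than name
        if export.startswith("#"):
            findings.append((e.pid, "rundll32_ordinal_export"))
        # Rule 3: SysWOW64 rundll32 whose parent is system32 rundll32 with the same DLL
        parent = by_pid.get(e.ppid)
        if WOW64_RUNDLL_RE.search(e.image) and parent and SYS32_RUNDLL_RE.search(parent.image):
            pparsed = parse_rundll32(parent.cmdline)
            if pparsed and pparsed[0].lower() == dll.lower():
                findings.append((e.pid, "rundll32_wow64_respawn_same_dll"))
    return sorted(findings)


# Constructed sample: PIDs 2708/2396 as in the report, the rest assumed.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d.dll")
SAMPLE_EVENTS = [
    ProcEvent(1000, 800, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2708, 1000, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
    ProcEvent(2396, 2708, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
    ProcEvent(3100, 1000, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
]

if __name__ == "__main__":
    for pid, rule in evaluate(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule}")
```

Each of the three rules fires on its own in real telemetry (installers legitimately use rundll32 with named exports; ordinals are rarer), so the WoW64 re-spawn with a Temp-resident DLL is the combination worth the highest severity. The benign shell32.dll row produces no finding.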
Network
MITRE ATT&CK Matrix
Downloads
Filesize
377KB
MD5
cf0fa714033e3f00a7c76b8f4c04eaa3
SHA1
00a2cd603446060f10d6b0b0024e4a56db1a95f8
SHA256
7e3c4b14b0148b608c54ab39cc418af41e9a1a53e840b8d548869a8ab1c74db0
SHA512
10ce809a24bee689f76d11020897e63efcfdb2078e38c3a5395b3ca39f4868c346c3f61fec1069bdee1696dcbb93c85fec168b76f8903d72128fad8413ab135d