e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d | Triage

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04-06-2023 18:55

Sharing

Report Analysis Logs

General

Target

04277099.dll
Size

1.1MB
MD5

9525e5786e95d8805ae4d98a2f2e7ee4
SHA1

36c906e3d14a17eb3acb3715929baa5a01a62768
SHA256

e3b914657f8c1ab8a02fe4dfc040ed90a79683a7317cc7a499089247aa7f646d
SHA512

39a6ede1e75f58136aad22d87b4caf7e32fbe0fc37778eeda9461a14364cc7f5809cf78faa6f9f908ad2bd2f971e5d6d5bdf8bf239697b56b3676b3c7bdffdfd
SSDEEP

24576:XCsQeoZ2Jpt6/yPllX/vZe/IlaJdjKT172O74RJugoSg1Iak:Xz6/ytp/xonJdE7R4RJugol1Iak

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 64 IoCs

Processes:

rundll32.exe

flow	pid	process
2	1172	rundll32.exe
4	1172	rundll32.exe
6	1172	rundll32.exe
7	1172	rundll32.exe
8	1172	rundll32.exe
9	1172	rundll32.exe
10	1172	rundll32.exe
11	1172	rundll32.exe
12	1172	rundll32.exe
13	1172	rundll32.exe
14	1172	rundll32.exe
15	1172	rundll32.exe
16	1172	rundll32.exe
17	1172	rundll32.exe
19	1172	rundll32.exe
20	1172	rundll32.exe
21	1172	rundll32.exe
22	1172	rundll32.exe
23	1172	rundll32.exe
24	1172	rundll32.exe
25	1172	rundll32.exe
26	1172	rundll32.exe
27	1172	rundll32.exe
28	1172	rundll32.exe
29	1172	rundll32.exe
30	1172	rundll32.exe
31	1172	rundll32.exe
32	1172	rundll32.exe
33	1172	rundll32.exe
34	1172	rundll32.exe
35	1172	rundll32.exe
36	1172	rundll32.exe
37	1172	rundll32.exe
38	1172	rundll32.exe
39	1172	rundll32.exe
40	1172	rundll32.exe
41	1172	rundll32.exe
42	1172	rundll32.exe
43	1172	rundll32.exe
44	1172	rundll32.exe
45	1172	rundll32.exe
46	1172	rundll32.exe
47	1172	rundll32.exe
48	1172	rundll32.exe
49	1172	rundll32.exe
50	1172	rundll32.exe
51	1172	rundll32.exe
52	1172	rundll32.exe
53	1172	rundll32.exe
54	1172	rundll32.exe
55	1172	rundll32.exe
56	1172	rundll32.exe
57	1172	rundll32.exe
58	1172	rundll32.exe
59	1172	rundll32.exe
60	1172	rundll32.exe
61	1172	rundll32.exe
62	1172	rundll32.exe
63	1172	rundll32.exe
64	1172	rundll32.exe
65	1172	rundll32.exe
66	1172	rundll32.exe
67	1172	rundll32.exe
68	1172	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1124 wrote to memory of 1172	1124	rundll32.exe	rundll32.exe
PID 1124 wrote to memory of 1172	1124	rundll32.exe	rundll32.exe
PID 1124 wrote to memory of 1172	1124	rundll32.exe	rundll32.exe
PID 1124 wrote to memory of 1172	1124	rundll32.exe	rundll32.exe
PID 1124 wrote to memory of 1172	1124	rundll32.exe	rundll32.exe
PID 1124 wrote to memory of 1172	1124	rundll32.exe	rundll32.exe
PID 1124 wrote to memory of 1172	1124	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04277099.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1124

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04277099.dll,#1
2⤵
- Blocklisted process makes network request
PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHKTFKHM\A4702N39.htm
Filesize
377KB

MD5
83a4b153de4ba30730cbecae90755f78

SHA1
0bdc2cdb9ff7744cb12b8446dacbec0509355865

SHA256
46a778a44aa411b1a938b6995d379ac8a0ba71e43ce57b60a15f5b89e543479a

SHA512
67196fdfe529d87b853c4ac003aab0c1e006e3c47f27535db7095721099fac6d1a07a73183a1b9d8447d2770448ba57d657bc73520b616ec082bb3d1ed4be6dd

Download Submit