Analysis
- max time kernel: 143s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 14-06-2023 20:33
Behavioral task: behavioral1
- Sample: 0e8927bfc318328c4623c86684534071ed6c3dc14c445174a2161c618b39c4d5.dll
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 0e8927bfc318328c4623c86684534071ed6c3dc14c445174a2161c618b39c4d5.dll
- Resource: win10v2004-20230220-en
General
- Target: 0e8927bfc318328c4623c86684534071ed6c3dc14c445174a2161c618b39c4d5.dll
- Size: 149KB
- MD5: 061e24e3c909e73a6d16ce75dcd9d11e
- SHA1: 642e3afba188dbee2566045c2634fc2f18546fc5
- SHA256: 0e8927bfc318328c4623c86684534071ed6c3dc14c445174a2161c618b39c4d5
- SHA512: 9b7c6aae9592b542de4cfcc349c8bc0329c49e1913ec32458eaf938849cf6008d06d1962fea1b863b64e9cd78ce2cf22bbfc819858fc1597ec2ea313157ed24e
- SSDEEP: 3072:CIxY7PFdz01HxiAZN4fisQZUmO1O5AwcfAg0FujBVpKbHycI9KP:z+7IFxPKfisQZCDfAONhcI9
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes: rundll32.exe
  flow | pid | process
  3 | 788 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1856 wrote to memory of 788 | 1856 | rundll32.exe | rundll32.exe (this row is repeated 7 times in the report)
Processes
- C:\Windows\system32\rundll32.exe (depth 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e8927bfc318328c4623c86684534071ed6c3dc14c445174a2161c618b39c4d5.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (depth 2, child of the process above)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e8927bfc318328c4623c86684534071ed6c3dc14c445174a2161c618b39c4d5.dll,#1
    - Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Downloads
- memory/788-55-0x0000000075370000-0x00000000753B0000-memory.dmp (Filesize: 256KB)
- memory/788-54-0x0000000075370000-0x00000000753B0000-memory.dmp (Filesize: 256KB)
- memory/788-56-0x00000000753B0000-0x00000000753F0000-memory.dmp (Filesize: 256KB)
- memory/788-57-0x0000000075370000-0x00000000753B0000-memory.dmp (Filesize: 256KB)
- memory/788-58-0x0000000075370000-0x00000000753B0000-memory.dmp (Filesize: 256KB)
- memory/788-59-0x0000000075370000-0x00000000753B0000-memory.dmp (Filesize: 256KB)
- memory/788-64-0x0000000075370000-0x00000000753B0000-memory.dmp (Filesize: 256KB)
- memory/788-70-0x0000000075370000-0x00000000753B0000-memory.dmp (Filesize: 256KB)