Analysis
max time kernel: 28s
max time network: 30s
platform: windows7_x64
resource: win7-20230621-en
resource tags: arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
submitted: 21-06-2023 21:59
Behavioral task behavioral1
Sample: b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll
Resource: win7-20230621-en (windows7-x64)
1 signature, 150 seconds

Behavioral task behavioral2
Sample: b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll
Resource: win10v2004-20230621-en (windows10-2004-x64)
1 signature, 150 seconds
General
Target: b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll
Size: 831KB
MD5: 30ce41719a73809302d8dd6e9bb0c24c
SHA1: 705191371aeb7180dfe497732900bfd8ccb69b65
SHA256: b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9
SHA512: 7befcefc3fccc947c7ddecdff15d3a1cfe8330441e99b9b76c273cdd72a284011157c00a1b9b45ba6f65e03bb07927fcd41bf81c7a86c46ad100a8f6ec47dca6
SSDEEP: 24576:WxIMqwpB35MKFvQCa04XHaBWBxR7txDcPjBx:uFNpBpMKFvQCR4X6BWBx
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                        pid   process       target process
PID 2012 wrote to memory of 2040   2012  rundll32.exe  rundll32.exe
(the same event is recorded 7 times; all 7 rows are identical)
Processes
1. C:\Windows\system32\rundll32.exe (PID 2012, per the signature table above)
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll,#1
   signature: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 2040, per the signature table above)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll,#1
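The WriteProcessMemory rows above are flattened into one line each by the report layout, and all seven describe the same pair: the 64-bit rundll32.exe in system32 (PID 2012) writing into the 32-bit rundll32.exe in SysWOW64 (PID 2040) that it launched to host the DLL. That is the ordinary cross-architecture rundll32 handoff for a 32-bit DLL rather than a write into a foreign process, which fits the 1/10 score. The following is an added example, not part of the sandbox report or its tooling: it parses rows in the report's flattened format into structured events, collapses repeats to a count, and labels each source/target pair so the handoff case is separated from writes into any other process. The regex, the WriteEvent record, the label strings, and the extra constructed row targeting a hypothetical PID 1337 explorer.exe (not in the report) are all assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: the seven identical WriteProcessMemory IoC rows from the
# report above, in the flattened "description pid process target-process" form
# the page renders them in, plus ONE extra row (PID 2040 -> 1337) that is NOT in
# the report and exists only to give the triage rule a contrasting case.
SAMPLE_IOCS = "\n".join(
    ["PID 2012 wrote to memory of 2040 2012 rundll32.exe rundll32.exe"] * 7
    + ["PID 2040 wrote to memory of 1337 2040 rundll32.exe explorer.exe"]  # constructed
)

# Constructed process map: the two image paths listed under Processes above,
# plus the hypothetical PID 1337 target used by the constructed row.
SAMPLE_PROCESSES = {
    2012: r"C:\Windows\system32\rundll32.exe",
    2040: r"C:\Windows\SysWOW64\rundll32.exe",
    1337: r"C:\Windows\explorer.exe",  # hypothetical, not from the report
}

# Assumed row layout: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)\s+(\d+)\s+(\S+)\s+(\S+)")


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_ioc_lines(text: str) -> list[WriteEvent]:
    """Turn flattened IoC rows into WriteEvent records, one per row."""
    events = []
    for line in text.splitlines():
        m = IOC_RE.search(line)
        if not m:
            continue  # not a WriteProcessMemory row
        src, dst, pid_col, src_img, dst_img = m.groups()
        if src != pid_col:
            # The description and the pid column disagree: malformed row.
            raise ValueError(f"pid mismatch in row: {line!r}")
        events.append(WriteEvent(int(src), int(dst), src_img, dst_img))
    return events


def summarize(events: list[WriteEvent]) -> Counter:
    """Collapse repeated events into distinct (src, dst) pairs with a hit count."""
    return Counter(events)


def is_wow64_rundll32_handoff(src_pid: int, dst_pid: int, image_paths: dict) -> bool:
    """64-bit rundll32 (system32) writing into the 32-bit rundll32 (SysWOW64)
    it launched to host a 32-bit DLL: the expected cross-architecture relaunch,
    not a write into a foreign process."""
    src = image_paths.get(src_pid, "").lower()
    dst = image_paths.get(dst_pid, "").lower()
    return (src.endswith(r"\windows\system32\rundll32.exe")
            and dst.endswith(r"\windows\syswow64\rundll32.exe"))


def triage(text: str, image_paths: dict) -> list[dict]:
    """Parse, deduplicate and label every (source, target) write pair."""
    findings = []
    for ev, count in sorted(summarize(parse_ioc_lines(text)).items(),
                            key=lambda kv: (kv[0].src_pid, kv[0].dst_pid)):
        label = ("wow64-rundll32-handoff"
                 if is_wow64_rundll32_handoff(ev.src_pid, ev.dst_pid, image_paths)
                 else "review: write into another process")
        findings.append({"src": ev.src_pid, "dst": ev.dst_pid,
                         "src_image": image_paths.get(ev.src_pid, ev.src_image),
                         "dst_image": image_paths.get(ev.dst_pid, ev.dst_image),
                         "count": count, "label": label})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_IOCS, SAMPLE_PROCESSES):
        print(finding)
```

Run against the report's rows alone, triage() yields a single pair (2012 -> 2040, count 7) labelled as the handoff; the constructed 2040 -> 1337 row is the kind of pair that would still deserve a look, since the image map is what decides the label, not the bare "rundll32.exe" process names in the row.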
Network
MITRE ATT&CK Matrix
Downloads
memory/2040-54-0x0000000002350000-0x0000000002807000-memory.dmp (filesize 4.7MB)