Analysis
-
max time kernel
142s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
30-08-2023 22:23
General
-
Target
f2fba351268331fecb70ee9b2f94d0e8ff633ec6cef8ed6c7531e0169ce0ea70.dll
-
Size
6.0MB
-
MD5
4794bc6b9d962cfa8d2594f831cbdf03
-
SHA1
988d6f480a3354de0fb92e6541c1591dd391b86e
-
SHA256
f2fba351268331fecb70ee9b2f94d0e8ff633ec6cef8ed6c7531e0169ce0ea70
-
SHA512
bfc2ed92a796903915fb1e6a3668f5b798e275ce99ed111c16ecaaf9a94b9aedf3af37304b08e67cb117a7fb90e7d82655c45ea176d92a48a128d80523c238b0
-
SSDEEP
196608:cR2RAtBpkRvmHt79+rrpw1PJWfUKZM7/bOCz:cFoNmHt79+rrpwNJWZZM7TOC
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f2fba351268331fecb70ee9b2f94d0e8ff633ec6cef8ed6c7531e0169ce0ea70.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f2fba351268331fecb70ee9b2f94d0e8ff633ec6cef8ed6c7531e0169ce0ea70.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
176KB
MD5a0ce0247d48fecaac607edb1e2d87fd8
SHA1346bf586bdf6ae4181c685fa74adf4524328d469
SHA2565a0b1c4e5d91fd67a1ad23e5ce869899b79a7282cb6e5533dc5c074eb59306ec
SHA51238a03530dfafe3030ece87dad7af28baff8e79f87618f1510bcb5b7f994632745dc70f9062ba6bdbcd408062786bbb3c37a53c21423d1f172663d9e57c232986