Analysis
max time kernel: 150s
max time network: 162s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 11-10-2023 23:55
Behavioral task: behavioral1
Sample: 32602b83cb642cce4db9fdc68b8c101febda0b37ef2b36007cc30181297804d7.dll
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 32602b83cb642cce4db9fdc68b8c101febda0b37ef2b36007cc30181297804d7.dll
Resource: win10v2004-20230915-en
General
Target: 32602b83cb642cce4db9fdc68b8c101febda0b37ef2b36007cc30181297804d7.dll
Size: 444KB
MD5: f6468579f2fb9b38f28e60f23bcef21d
SHA1: 2306557eeb8cdc1d252dd9c97770f986f0ff080b
SHA256: 32602b83cb642cce4db9fdc68b8c101febda0b37ef2b36007cc30181297804d7
SHA512: 8f07b6fcfd12ce11ec16abd74c834bae8041b1b0f1eb6a5665e45c67e04ae30ebff9f6e8410ae2c81807f22b38bd913d5ebcea360a1fd9b0f6e986a1a6433cbc
SSDEEP: 12288:+bPJ0HPviHSJuT4JqNtw8z98MdEtLcbdpZ7:+bh0vviHas4Jaw8z9rzbx
Malware Config
Signatures
Blocklisted process makes network request (64 IoCs)
flow      pid   Process
3         2600  rundll32.exe
5         2600  rundll32.exe
7 .. 68   2600  rundll32.exe   (one row per flow, 62 consecutive flows; all 64 flows originate from PID 2600)
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 2160 wrote to memory of 2600   2160  rundll32.exe  28   (the same row is reported 7 times)
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\32602b83cb642cce4db9fdc68b8c101febda0b37ef2b36007cc30181297804d7.dll,#1
   PID: 2160
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe  (child of PID 2160)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\32602b83cb642cce4db9fdc68b8c101febda0b37ef2b36007cc30181297804d7.dll,#1
      PID: 2600
      Signatures: Blocklisted process makes network request
The DLL is invoked by ordinal (export #1) from the user's Temp directory. The 64-bit system32 rundll32.exe (PID 2160) re-launches the 32-bit SysWOW64 copy (PID 2600) to host the DLL, which is the parent-to-child WriteProcessMemory activity recorded above; all network flows come from that 32-bit child.
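The process tree above is a pattern worth matching in process-creation telemetry. The following is an added example, not part of the sandbox report: it takes constructed process events and network-flow rows that mirror the PIDs and command lines in this report (the explorer.exe parent, PID 1234, and the benign control process with PID 3000 are assumptions) and flags rundll32 invocations that load a DLL from a user-writable directory, call an export by ordinal, are a 32-bit rundll32 spawned by the 64-bit one, or generate network flows.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable
    cmdline: str


@dataclass
class Finding:
    pid: int
    reasons: List[str] = field(default_factory=list)


# rundll32 <dll>,<export> where <export> may be an ordinal such as #1
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>#?\w+)', re.I)

# Directories an unprivileged user can write to (assumed, non-exhaustive list)
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")


def parse_rundll_cmd(cmdline: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, export) for a rundll32 command line, else None."""
    m = RUNDLL_RE.search(cmdline)
    return (m.group("dll"), m.group("export")) if m else None


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in USER_WRITABLE)


def analyze(events: List[ProcEvent], flows: List[Tuple[int, int]]) -> Dict[int, Finding]:
    """flows are (flow_id, pid) pairs, the shape of the sandbox's network table."""
    by_pid = {e.pid: e for e in events}
    flows_per_pid: Dict[int, int] = {}
    for _, pid in flows:
        flows_per_pid[pid] = flows_per_pid.get(pid, 0) + 1

    findings: Dict[int, Finding] = {}
    for e in events:
        if not e.image.lower().endswith("\\rundll32.exe"):
            continue
        parsed = parse_rundll_cmd(e.cmdline)
        if parsed is None:
            continue
        dll, export = parsed
        f = Finding(e.pid)
        if in_user_writable_dir(dll):
            f.reasons.append("dll loaded from user-writable directory")
        if export.startswith("#"):
            f.reasons.append("export called by ordinal")
        parent = by_pid.get(e.ppid)
        if (parent is not None
                and "\\system32\\rundll32.exe" in parent.image.lower()
                and "\\syswow64\\rundll32.exe" in e.image.lower()):
            f.reasons.append("64-bit rundll32 relaunched 32-bit copy")
        n = flows_per_pid.get(e.pid, 0)
        if n:
            f.reasons.append(f"{n} network flows")
        if f.reasons:
            findings[e.pid] = f
    return findings


# Constructed sample mirroring the PIDs and command lines in the report above;
# the explorer.exe parent (PID 1234) and the benign control (PID 3000) are assumed.
DLL = r"C:\Users\Admin\AppData\Local\Temp\32602b83cb642cce4db9fdc68b8c101febda0b37ef2b36007cc30181297804d7.dll"
SAMPLE_EVENTS = [
    ProcEvent(1234, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2160, 1234, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1"),
    ProcEvent(2600, 2160, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1"),
    ProcEvent(3000, 1234, r"C:\Windows\system32\rundll32.exe", "rundll32.exe shell32.dll,Control_RunDLL"),
]
# flows 3, 5 and 7..68 from PID 2600, as in the report's network-request table
SAMPLE_FLOWS = [(i, 2600) for i in (3, 5, *range(7, 69))]


def run_example() -> Dict[int, Finding]:
    return analyze(SAMPLE_EVENTS, SAMPLE_FLOWS)


if __name__ == "__main__":
    for pid, finding in sorted(run_example().items()):
        print(pid, "; ".join(finding.reasons))
```

Only the two rundll32 processes from the report are flagged; the shell32.dll control is ignored because it loads from no user-writable path, names its export, has no rundll32 parent and produces no flows. Any one reason on its own is weak, so in a real rule the ordinal call plus a Temp-directory DLL or the system32-to-SysWOW64 relaunch should be required together before alerting.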
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8E7WD55\YWE9EYRK.htm
Filesize: 390KB
MD5: db7bd945d5d797341b68922d70481090
SHA1: a89b7a309410ed2676dd95e06f95dd20a51085f7
SHA256: 9005b8d539a875f3acbdd7636a4c1017b21697a9eecd6b3239156bcf996a2e87
SHA512: 045ee6605ac5a185b0b762c3e89eb49c58e8fada9608beda03878ee5d5fd5a9677fb6a3846c660a33af8589c31552add75fe36120b5bf23681653289834a4829