94e4394722b0ac35fb2098c6eb10a700ae05e991542022fb2b8656aa5eef1352

Analysis

max time kernel
117s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94e4394722b0ac35fb2098c6eb10a700ae05e991542022fb2b8656aa5eef1352.dll
Size

2.4MB
MD5

e3406e1ea86c129751e1733e0936b091
SHA1

27abbaee8060e93de8da3ee941816334cb9578e4
SHA256

94e4394722b0ac35fb2098c6eb10a700ae05e991542022fb2b8656aa5eef1352
SHA512

69405cb83e6de78f87f69affefe8d1a0882fc05b6b7c3956b616a6330e51f7a8faf8a06338366a6dd8e719e3a68f46add7627d1a0be61091df7dbdc68e63518b
SSDEEP

49152:4udaVP0XNRaLoeWK74BATSEKn18fwE1viO1J62V2wfCJVZadmLH9z8zWH:4vCXOcK7aPa9fiTeGH2

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1168	rundll32.exe
1168	rundll32.exe
1168	rundll32.exe
1168	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 1168	1336	rundll32.exe	28
PID 1336 wrote to memory of 1168	1336	rundll32.exe	28
PID 1336 wrote to memory of 1168	1336	rundll32.exe	28
PID 1336 wrote to memory of 1168	1336	rundll32.exe	28
PID 1336 wrote to memory of 1168	1336	rundll32.exe	28
PID 1336 wrote to memory of 1168	1336	rundll32.exe	28
PID 1336 wrote to memory of 1168	1336	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\94e4394722b0ac35fb2098c6eb10a700ae05e991542022fb2b8656aa5eef1352.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\94e4394722b0ac35fb2098c6eb10a700ae05e991542022fb2b8656aa5eef1352.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1168-0-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/1168-2-0x0000000073BD0000-0x00000000740D2000-memory.dmp

Filesize
5.0MB

Download
memory/1168-3-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/1168-5-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download
memory/1168-6-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/1168-8-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/1168-10-0x00000000000E0000-0x00000000000E1000-memory.dmp

Filesize
4KB

Download
memory/1168-15-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1168-13-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1168-17-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1168-18-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1168-21-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/1168-23-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/1168-26-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1168-28-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1168-29-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1168-31-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1168-33-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download