Analysis
max time kernel: 138s
max time network: 150s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 12/10/2023, 17:46
Behavioral task: behavioral1
Sample: d59b6b978d110a6210b03e4d3e5a3ca8b9ffec739ee1f6ff83c4aaa0546e684c.dll
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: d59b6b978d110a6210b03e4d3e5a3ca8b9ffec739ee1f6ff83c4aaa0546e684c.dll
Resource: win10v2004-20230915-en
General
Target: d59b6b978d110a6210b03e4d3e5a3ca8b9ffec739ee1f6ff83c4aaa0546e684c.dll
Size: 444KB
MD5: 0feb0a7384f36dea44e7a83b92bfe9a4
SHA1: 2a585a183fad3cf0f1677f588c9399ec1157548f
SHA256: d59b6b978d110a6210b03e4d3e5a3ca8b9ffec739ee1f6ff83c4aaa0546e684c
SHA512: 16406f8c8ec3dea5dbc94bf2070b224f37e0ad1af304513cd92ab6adb9af45bf58f3a3b57d303ca86227b5b295ee206e293659029f30a1fb2d181c6dfbbde2b2
SSDEEP: 12288:32vR0HPvKHSJXdUP7osqrlS5pTwvTbdpZr:3250vvKHaNUP7osUKsLbx
Malware Config
Signatures
-
Blocklisted process makes network request (64 IoCs)
flow                        pid    Process
3, 5, 7, 8 through 68       2348   rundll32.exe
(64 network flows in total, one entry per flow; every flow originates from the same rundll32.exe process, PID 2348)
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 3044 wrote to memory of 2348   3044   rundll32.exe   28
PID 3044 wrote to memory of 2348   3044   rundll32.exe   28
PID 3044 wrote to memory of 2348   3044   rundll32.exe   28
PID 3044 wrote to memory of 2348   3044   rundll32.exe   28
PID 3044 wrote to memory of 2348   3044   rundll32.exe   28
PID 3044 wrote to memory of 2348   3044   rundll32.exe   28
PID 3044 wrote to memory of 2348   3044   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d59b6b978d110a6210b03e4d3e5a3ca8b9ffec739ee1f6ff83c4aaa0546e684c.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 3044
  └─ C:\Windows\SysWOW64\rundll32.exe
       Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d59b6b978d110a6210b03e4d3e5a3ca8b9ffec739ee1f6ff83c4aaa0546e684c.dll,#1
       Signatures: Blocklisted process makes network request
       PID: 2348
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27V93E5X\V5B5OBMZ.htm
Filesize: 390KB
MD5: 7481faf6addc52e11795d5ee6aa1ddce
SHA1: abc472adeb7bd67fa3f45ef1b84ca09dc3df0cb5
SHA256: ae4bbe44472b8d15e284ef0ec74207d38b6fb6bbe49f43f67562b9ceb0d62656
SHA512: 6c88ef65259a16dd55ffd90322d0c97a07e397a00ff9d86cee0655398dc21e63370d87d42d377408c832a9a566ce288eba5a6126097d6a53abbc5517ddda1ac3