Analysis
max time kernel: 150s
max time network: 153s
platform: windows7_x64
resource: win7-20231020-en
resource tags: arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
submitted: 13-12-2023 15:56
Behavioral task: behavioral1
Sample: 82fc444c2e6ebe55046ddf5c031b7fcad832a8fd4f66b8a40e509a81ca413735.dll
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: 82fc444c2e6ebe55046ddf5c031b7fcad832a8fd4f66b8a40e509a81ca413735.dll
Resource: win10v2004-20231127-en
General
Target: 82fc444c2e6ebe55046ddf5c031b7fcad832a8fd4f66b8a40e509a81ca413735.dll
Size: 520KB
MD5: 00d96db6440e496f298013ae3d4806d8
SHA1: 2d3801fb6264694adfe8d61d25662ec31939d49e
SHA256: 82fc444c2e6ebe55046ddf5c031b7fcad832a8fd4f66b8a40e509a81ca413735
SHA512: 2361c93d789da3a93008e37f02bc16f59eb107918260b87d6466e0a280ad14c9472c8bc60f17b2e585da72e0740905591a5300b4463d87ad00fb88b043ac8c9b
SSDEEP: 12288:vXLLkwykYRIZLNpxjb72MCt0LARqbdpZs:vXLLmkNZLflHCtc2qbx
Malware Config
Signatures
Blocklisted process makes network request (64 IoCs)
flow  pid   Process
3     2444  rundll32.exe
4     2444  rundll32.exe
6     2444  rundll32.exe
8     2444  rundll32.exe
9     2444  rundll32.exe
10    2444  rundll32.exe
11    2444  rundll32.exe
12    2444  rundll32.exe
13    2444  rundll32.exe
14    2444  rundll32.exe
15    2444  rundll32.exe
16    2444  rundll32.exe
17    2444  rundll32.exe
18    2444  rundll32.exe
19    2444  rundll32.exe
20    2444  rundll32.exe
21    2444  rundll32.exe
22    2444  rundll32.exe
23    2444  rundll32.exe
24    2444  rundll32.exe
25    2444  rundll32.exe
26    2444  rundll32.exe
27    2444  rundll32.exe
28    2444  rundll32.exe
29    2444  rundll32.exe
30    2444  rundll32.exe
31    2444  rundll32.exe
32    2444  rundll32.exe
33    2444  rundll32.exe
34    2444  rundll32.exe
35    2444  rundll32.exe
36    2444  rundll32.exe
37    2444  rundll32.exe
38    2444  rundll32.exe
39    2444  rundll32.exe
40    2444  rundll32.exe
41    2444  rundll32.exe
42    2444  rundll32.exe
43    2444  rundll32.exe
44    2444  rundll32.exe
45    2444  rundll32.exe
46    2444  rundll32.exe
47    2444  rundll32.exe
48    2444  rundll32.exe
49    2444  rundll32.exe
50    2444  rundll32.exe
51    2444  rundll32.exe
52    2444  rundll32.exe
53    2444  rundll32.exe
54    2444  rundll32.exe
55    2444  rundll32.exe
56    2444  rundll32.exe
57    2444  rundll32.exe
58    2444  rundll32.exe
59    2444  rundll32.exe
60    2444  rundll32.exe
61    2444  rundll32.exe
62    2444  rundll32.exe
63    2444  rundll32.exe
64    2444  rundll32.exe
65    2444  rundll32.exe
66    2444  rundll32.exe
67    2444  rundll32.exe
68    2444  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 2484 wrote to memory of 2444   2484  rundll32.exe  28
PID 2484 wrote to memory of 2444   2484  rundll32.exe  28
PID 2484 wrote to memory of 2444   2484  rundll32.exe  28
PID 2484 wrote to memory of 2444   2484  rundll32.exe  28
PID 2484 wrote to memory of 2444   2484  rundll32.exe  28
PID 2484 wrote to memory of 2444   2484  rundll32.exe  28
PID 2484 wrote to memory of 2444   2484  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\82fc444c2e6ebe55046ddf5c031b7fcad832a8fd4f66b8a40e509a81ca413735.dll,#1
  PID: 2484
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\82fc444c2e6ebe55046ddf5c031b7fcad832a8fd4f66b8a40e509a81ca413735.dll,#1
    PID: 2444
    - Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYJJYCDH\D0P12HB9.htm
Filesize: 431KB
MD5: 5b2f1bc7515c1dc3dda16284aca30a9c
SHA1: d94afc14e6735e6bc8aeec6d32db46f3c8d007ca
SHA256: 4424511d8d47c58df000434743c1ef59fae9644b09dc9615252ad548dfe85c9c
SHA512: 321431ffcb88375d133b00e2e5cb400f652fa84f268b13341fd1c2c3a70f318483842000850852bc74719d4a91f04f251d1d19b4978dd3237f671a8135cbc936