Analysis
max time kernel: 91s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted: 25-01-2024 17:17
Behavioral task
behavioral1
Sample
751205ccbc8f2e63f956cd7e33a66343.dll
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
Target: 751205ccbc8f2e63f956cd7e33a66343.dll
Size: 75KB
MD5: 751205ccbc8f2e63f956cd7e33a66343
SHA1: 684e0aa6eb4f640e6988b78d81109c6f6066d33e
SHA256: 55a6b363596907819c886e177390a17cf4c6ae1e0842d408218c878a8b202363
SHA512: 6a6f0dcb0afa88d9409161f5f782fea6c36bdf74e67e000d695da013e07d698f94c61ff21c13740f1f7111d63ee6336168b881dcb3e96569d4d67ca90ff963b9
SSDEEP: 1536:n56EgIMIDBhinQkURmPEvQ/Kt5zFYHLAj7p5RcRbBfY:n56BnqBheUR5CKt5pELq7p0Y
Malware Config
Signatures
Processes:
resource: behavioral2/memory/4300-0-0x0000000010000000-0x000000001000E000-memory.dmp
yara_rule: upx

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                         pid    process        target process
PID 4684 wrote to memory of 4300    4684   rundll32.exe   rundll32.exe
PID 4684 wrote to memory of 4300    4684   rundll32.exe   rundll32.exe
PID 4684 wrote to memory of 4300    4684   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\751205ccbc8f2e63f956cd7e33a66343.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4684
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\751205ccbc8f2e63f956cd7e33a66343.dll,#1
    PID: 4300
Network
MITRE ATT&CK Matrix
Downloads
memory/4300-0-0x0000000010000000-0x000000001000E000-memory.dmp
Filesize: 56KB