Analysis

- Max time kernel: 118s
- Max time network: 122s
- Platform: windows7_x64
- Resource: win7-20240221-en
- Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- Submitted: 26-05-2024 02:02

Behavioral task: behavioral1
- Sample: b55db73653ba176c18d303148f98d46e9c91d3c21bde72589aa43950155c6259.dll
- Resource: win7-20240221-en (windows7-x64)
- 3 signatures
- 150 seconds
General

- Target: b55db73653ba176c18d303148f98d46e9c91d3c21bde72589aa43950155c6259.dll
- Size: 38KB
- MD5: 531b1cccdb85c5395cde6363bedc737d
- SHA1: 287948ac7bba080eeb63004d03e68659750a2163
- SHA256: b55db73653ba176c18d303148f98d46e9c91d3c21bde72589aa43950155c6259
- SHA512: c220035ea7f3f49c43bdae165dd4efd2f4cf9689c38b6ae8963537c9491251909558d4df3d285b92c15211db8cd0ca1500431cb4446da602434c8b9e36dbd0d9
- SSDEEP: 768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV74IXU76m2sZCVV:WD8w22laSR0V+3CJrV/XczJZ
Malware Config
Signatures

- Drops file in System32 directory (1 IoC)
  Processes: rundll32.exe
  Description | IoC | Process
  File created | C:\Windows\SysWOW64\dmlconf.dat | rundll32.exe

- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  Description | PID | Process | Target process
  PID 1284 wrote to memory of 2504 | 1284 | rundll32.exe | rundll32.exe (the same event is recorded 7 times)

  Caveat: a 64-bit rundll32.exe that is handed a 32-bit DLL re-launches the SysWOW64 copy of itself with the same arguments, and the parent writes into the child during that launch. Parent-to-child writes between the two rundll32.exe instances are consistent with that handoff and are not, on their own, evidence of injection into a third process. The file written to SysWOW64 by the 32-bit child is the stronger indicator here.
Processes

- C:\Windows\system32\rundll32.exe (depth 1; PID 1284 per the WriteProcessMemory IoCs above)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b55db73653ba176c18d303148f98d46e9c91d3c21bde72589aa43950155c6259.dll,#1
  (",#1" tells rundll32 to call the DLL's export at ordinal 1)
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe (depth 2, child of the process above; PID 2504 per the WriteProcessMemory IoCs and the memory dump under Downloads)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b55db73653ba176c18d303148f98d46e9c91d3c21bde72589aa43950155c6259.dll,#1
  - Drops file in System32 directory
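The process tree and IoCs above translate directly into a hunting rule. What follows is an added example, not part of the sandbox report or of the sample: Python that parses rundll32 command lines, pairs a 64-bit System32\rundll32.exe with the SysWOW64\rundll32.exe it spawns for the same DLL, and raises severity only when that 32-bit child also writes a file under a Windows system directory, which is the combination this report shows. The events are constructed in Sysmon's shape (event 1 = process create, event 11 = file create) from the report's PIDs, image paths and command lines; the field names, the benign Control_RunDLL event used as noise, and the two severity levels are assumptions.

```python
import re
from collections import defaultdict

# IoCs copied from the report above.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\b55db73653ba176c18d303148f98d46e9c91d3c21bde72589aa43950155c6259.dll")
DROPPED_FILE = r"C:\Windows\SysWOW64\dmlconf.dat"

SYS32_RUNDLL = r"c:\windows\system32\rundll32.exe"
WOW64_RUNDLL = r"c:\windows\syswow64\rundll32.exe"

# rundll32 [path\]rundll32[.exe] <dll>,<ExportName|#ordinal> [args]; the DLL may be quoted.
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>#?\w+)',
    re.IGNORECASE,
)


def parse_rundll32_cmdline(cmdline):
    """Return (dll, export) from a rundll32 command line, or None if it is not one."""
    m = RUNDLL_RE.match(cmdline.strip())
    return (m.group("dll"), m.group("export")) if m else None


# Constructed Sysmon-style events modelled on this report; not real telemetry.
EVENTS = [
    {"id": 1, "pid": 1284, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"id": 1, "pid": 2504, "ppid": 1284, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"id": 11, "pid": 2504, "image": r"C:\Windows\SysWOW64\rundll32.exe", "target": DROPPED_FILE},
    # Assumed benign noise: 64-bit rundll32 opening a Control Panel applet, no child, no drop.
    {"id": 1, "pid": 3000, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
]


def find_wow64_handoffs(events):
    """(parent_pid, child_pid, dll) where System32\\rundll32 spawned SysWOW64\\rundll32
    for the same DLL. Alone this is normal: 64-bit rundll32 re-launches the 32-bit
    copy whenever the DLL it was given is 32-bit."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    hits = []
    for child in procs.values():
        parent = procs.get(child.get("ppid"))
        if parent is None:
            continue
        if child["image"].lower() != WOW64_RUNDLL or parent["image"].lower() != SYS32_RUNDLL:
            continue
        c = parse_rundll32_cmdline(child["cmdline"])
        p = parse_rundll32_cmdline(parent["cmdline"])
        if c and p and c[0].lower() == p[0].lower():
            hits.append((parent["pid"], child["pid"], c[0]))
    return hits


def find_system_dir_drops(events):
    """(pid, path) for files that a rundll32 process created under System32 or SysWOW64."""
    hits = []
    for e in events:
        if e["id"] != 11 or "rundll32" not in e["image"].lower():
            continue
        t = e["target"].lower()
        if t.startswith(r"c:\windows\syswow64\\"[:-1]) or t.startswith(r"c:\windows\system32\\"[:-1]):
            hits.append((e["pid"], e["target"]))
    return hits


def alerts(events):
    """Findings with an assumed severity: a handoff whose 32-bit child also writes into a
    system directory reproduces this report's behaviour and is 'high'; a bare handoff is 'low'."""
    drops = defaultdict(list)
    for pid, path in find_system_dir_drops(events):
        drops[pid].append(path)
    out = []
    for ppid, cpid, dll in find_wow64_handoffs(events):
        out.append({"severity": "high" if drops.get(cpid) else "low",
                    "parent": ppid, "child": cpid, "dll": dll, "dropped": drops.get(cpid, [])})
    return out


if __name__ == "__main__":
    for a in alerts(EVENTS):
        print(a)
```

The rule deliberately keys on the conjunction of the handoff and the system-directory write, because the handoff by itself fires on every 32-bit DLL loaded through a 64-bit rundll32.exe. In real telemetry the DLL path from the command line can additionally be hashed and compared against the SHA256 in the General section above.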
Network
MITRE ATT&CK Matrix
Downloads

- memory/2504-1-0x0000000010000000-0x000000001000D000-memory.dmp
  Filesize: 52KB
  (Image dumped from PID 2504, the SysWOW64 rundll32.exe child, at 0x10000000-0x1000D000. 0x10000000 is the MSVC linker's default preferred base for a DLL, so the module was mapped at its preferred address rather than relocated.)