Analysis
-
max time kernel
89s -
max time network
100s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
03/07/2024, 13:07
General
-
Target
DLL.dll
-
Size
645KB
-
MD5
70f36f9bc53728b920836f968b1649fc
-
SHA1
0b8deeedd36af427ba137a666e333ccc6af1ab24
-
SHA256
409233ccb2d21d63cae386eceeb0df82c653f313ffc2cfe3dc0edc39b2b071e4
-
SHA512
d0f785b9ef64d94cff1f8d4a54fd097f7e152397d98ffe9a3762bc4db17b7b6682d726fd5f20811d4befe8da37b36bd6ecbc91574b54a6f74f54e25e7d1016ae
-
SSDEEP
12288:0GTs7SWetIXGXiAvB+7DD9My+gYzcHwp0Mdz2FhO0ktFqoA:LTsjoIXSiAo5Mb1cHwp0Mdz2FhOrtko
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\DLL.dll,#11⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c net session2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet session3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session4⤵
-
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C notepad.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\notepad.exenotepad.exe3⤵
-
-