Analysis
max time kernel: 4s
max time network: 8s
platform: windows10_x64
resource: win10-en-20210920
submitted: 21-10-2021 09:05
Behavioral task
behavioral1
Sample
0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78.bin.sample.dll
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
Target: 0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78.bin.sample.dll
Size: 8.4MB
MD5: 2046a3fdc751f79334628ba49e5c5eb6
SHA1: 864a55bddcab6cdf14aeb69419250ca8c90bc453
SHA256: 0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78
SHA512: d560acb71b05047a7ab1b03050d508f7d867e53a1d409bb2cd9c6dd05315c846ed3a31c9ee47cc10a0bb26454466033f2c9b5908b8073a66e4945a7d4a9c84b4
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4088 wrote to memory of 3564 | 4088 | rundll32.exe | rundll32.exe
PID 4088 wrote to memory of 3564 | 4088 | rundll32.exe | rundll32.exe
PID 4088 wrote to memory of 3564 | 4088 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78.bin.sample.dll,#11
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78.bin.sample.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3564-115-0x0000000000000000-mapping.dmp