Analysis
max time kernel: 67s
max time network: 124s
platform: windows10_x64
resource: win10-en-20211014
submitted: 01-11-2021 19:26
Static task
static1
Behavioral task
behavioral1
Sample
0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050.dll
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050.dll
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
Target: 0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050.dll
Size: 72KB
MD5: 405edb27ffebdd2fed40d0ad833603f3
SHA1: 16bf0e96fdf1c1535107cd4443300308b51e347a
SHA256: 0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050
SHA512: 2147db477e219a944fad0d34ba0e16c8ee986778c383c09c247fb0ebb5d5284f7ccc6a5522e68640b0f2906b4c1131603e430f3106854616d23f5d1343fe1753
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2500 wrote to memory of 2664 | 2500 | rundll32.exe | rundll32.exe
PID 2500 wrote to memory of 2664 | 2500 | rundll32.exe | rundll32.exe
PID 2500 wrote to memory of 2664 | 2500 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2500
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cede268ec6a310a792caaa120f25b8d95029e59bc9c14881c693eeda8d24050.dll,#12⤵
PID:2664
Network
MITRE ATT&CK Matrix
Downloads
memory/2664-115-0x0000000000000000-mapping.dmp