Analysis
- max time kernel: 122s
- max time network: 126s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 14-12-2021 08:04
Behavioral task
behavioral1
Sample
tmp/b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
tmp/b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
- Target: tmp/b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll
- Size: 42KB
- MD5: 82ccb90da20b65bcdad25bdd5a7d6f05
- SHA1: ecea5d6a57c1e23010b45d4d04dcc1ffda19e5fe
- SHA256: b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a
- SHA512: d85d570d5269cfc945b764d3530680c5910b152247893f5b8a1d108a16b52704547e754d5cda59392aeb28d417ad8e0534c75cee06d3bc636190ebece4cc4a61
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3676 wrote to memory of 4108 | 3676 | rundll32.exe | rundll32.exe
PID 3676 wrote to memory of 4108 | 3676 | rundll32.exe | rundll32.exe
PID 3676 wrote to memory of 4108 | 3676 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll,#12⤵
Downloads
-
memory/4108-115-0x0000000000000000-mapping.dmp