Analysis
max time kernel: 2s
max time network: 7s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 20-01-2022 03:00
Static task: static1
Behavioral task: behavioral1
Sample: 06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4.dll
Resource: win7-en-20211208
Platform: windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4.dll
Resource: win10v2004-en-20220113
Platform: windows10-2004_x64
0 signatures
0 seconds
General
Target: 06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4.dll
Size: 628KB
MD5: 2dc313c8309f028d3f793167c2c772f2
SHA1: d466780789480443b0eccdbd9fad660b398abfa8
SHA256: 06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4
SHA512: 876208929c6578d5d2d5532ec24ed79d8b7e7c1c54db27bab79f4c32b7ebca0325ccc33596fc85680de6d61b3cbf10319076eacad5b15325bdc7a71410d3f311
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 1756 wrote to memory of 1332   1756   rundll32.exe   rundll32.exe
PID 1756 wrote to memory of 1332   1756   rundll32.exe   rundll32.exe
PID 1756 wrote to memory of 1332   1756   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06b13344b6674a23068788a747c14ea71eeda9f12572698220731e2b0a7738a4.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
memory/1332-130-0x00000000040D0000-0x0000000004170000-memory.dmp
Filesize: 640KB