Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 24-01-2022 00:41
Static task
static1
Behavioral task
behavioral1
Sample
f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
- Target: f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97.dll
- Size: 164KB
- MD5: 72b88a31c6bd378ea66698a6ab15f6b8
- SHA1: 68c791b584b315f491443d3826f209c0e3ab9375
- SHA256: f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97
- SHA512: 6a707908cbd63d14d738dce9c5eb920e3cfd20e2dc90f540b79aaaa52dd79c935fa8569f2f88d09ddeebdfc55874b7e3e9980b0a6d2eb27e10e99335a631a3df
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1448 wrote to memory of 1452 | 1448 | rundll32.exe | rundll32.exe
PID 1448 wrote to memory of 1452 | 1448 | rundll32.exe | rundll32.exe
PID 1448 wrote to memory of 1452 | 1448 | rundll32.exe | rundll32.exe
PID 1448 wrote to memory of 1452 | 1448 | rundll32.exe | rundll32.exe
PID 1448 wrote to memory of 1452 | 1448 | rundll32.exe | rundll32.exe
PID 1448 wrote to memory of 1452 | 1448 | rundll32.exe | rundll32.exe
PID 1448 wrote to memory of 1452 | 1448 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (process 1)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1448
- C:\Windows\SysWOW64\rundll32.exe (process 2)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97.dll,#1
  PID: 1452
Network
MITRE ATT&CK Matrix
Downloads
- memory/1452-54-0x0000000076421000-0x0000000076423000-memory.dmp
  Filesize: 8KB