Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 24-01-2022 01:11
Static task: static1

Behavioral task: behavioral1
- Sample: bbe94db3d19640661a2816dc20fa9246330a87ae5e0a06acf5af2bee9151e8aa.dll
- Resource: win7-en-20211208 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: bbe94db3d19640661a2816dc20fa9246330a87ae5e0a06acf5af2bee9151e8aa.dll
- Resource: win10-en-20211208 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: bbe94db3d19640661a2816dc20fa9246330a87ae5e0a06acf5af2bee9151e8aa.dll
- Size: 164KB
- MD5: d5e7b612e272ffbe50f93f7618487157
- SHA1: 10b4e3d0c27f49ac5c2258967051ecdc8374a5f8
- SHA256: bbe94db3d19640661a2816dc20fa9246330a87ae5e0a06acf5af2bee9151e8aa
- SHA512: 3a5d27998dc28f438d25173628416fcd4aacd2e3ab505d2e1fb6d52c89215b066c350acb341f167c4ba51ea5ab4c6cbeb56d93d0c20a7c6f37e6f3cbd74eadbd
- Score: 1/10
Malware Config

Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

description                       | pid  | process      | target process
----------------------------------|------|--------------|---------------
PID 1416 wrote to memory of 1624  | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1624  | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1624  | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1624  | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1624  | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1624  | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1624  | 1416 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbe94db3d19640661a2816dc20fa9246330a87ae5e0a06acf5af2bee9151e8aa.dll,#1
  - Suspicious use of WriteProcessMemory
  - PID: 1416
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbe94db3d19640661a2816dc20fa9246330a87ae5e0a06acf5af2bee9151e8aa.dll,#1
    - PID: 1624
Network
MITRE ATT&CK Matrix
Downloads
- memory/1624-54-0x0000000076071000-0x0000000076073000-memory.dmp (filesize: 8KB)
- memory/1624-57-0x0000000003090000-0x00000000031BD000-memory.dmp (filesize: 1.2MB)
- memory/1624-58-0x0000000000310000-0x000000000032F000-memory.dmp (filesize: 124KB)
- memory/1624-59-0x0000000003420000-0x0000000003529000-memory.dmp (filesize: 1.0MB)
- memory/1624-60-0x00000000000B0000-0x00000000000BA000-memory.dmp (filesize: 40KB)
- memory/1624-61-0x00000000001A0000-0x00000000001A6000-memory.dmp (filesize: 24KB)