Analysis
max time kernel
55s
max time network
14s
platform
windows7_x64
resource
win7-en-20211208
submitted
24-01-2022 02:00
Static task
static1
Behavioral task
behavioral1
Sample
5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target
5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2.dll
Size
164KB
MD5
8b24ea434d60f99e1ff50810fb8d28da
SHA1
259f3974763f09d57129b3881b427fd9d30358d8
SHA256
5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2
SHA512
aed4d982bc7b4513abf5ba237f562cca1332a2997c8826c81a262fddd64de9074f073f88aecd03ae901d58f9e677cdf5c59f61222606fa5e7da20ade96776371
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1796 wrote to memory of 1896 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1896 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1896 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1896 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1896 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1896 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1896 | 1796 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
memory/1896-54-0x0000000076C61000-0x0000000076C63000-memory.dmp
Filesize
8KB