Analysis
- max time kernel: 119s
- max time network: 119s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 01-02-2022 10:03
Behavioral task
behavioral1
Sample
79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
- Target: 79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695.dll
- Size: 145KB
- MD5: 3170f0ed199177fc13d6a86e7a6b0bb3
- SHA1: e79195224a6fbf4bd6a442add27f25029317b08b
- SHA256: 79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695
- SHA512: 54f03f11b4d76e6ce3928a70c53942370ca23b8bd2c2d2f92079272a031deafe5187b3e7ef57b45e3374c36b3e9a10a4d3c40bec85bc2f8ada701c58ec0b55a3
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 972 wrote to memory of 1276 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1276 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1276 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1276 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1276 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1276 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1276 | 972 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79d05091b567d313993b547eb379119a1e00bb0cb6716f932a1f1bf7f0058695.dll,#12⤵
  PID:1276
Network
MITRE ATT&CK Matrix
Downloads
- memory/1276-54-0x00000000756C1000-0x00000000756C3000-memory.dmp
  Filesize: 8KB