Analysis
- max time kernel: 117s
- max time network: 134s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 01-02-2022 11:00
Behavioral task
behavioral1
Sample
06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
- Target: 06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100.dll
- Size: 55KB
- MD5: 70adbf361b9d7148e2e2f58b84322028
- SHA1: ee8485039eec5095d933ff38b804e486a06f7f2c
- SHA256: 06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100
- SHA512: 2a606ad3483752d7376a122808bf8ef561f4cf935ee753de2a1697e81eadc4aaf1850547cb77110bdf906945f00929816ac03299680dd0fe673ef5ad4ab6991e
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 1572 wrote to memory of 1620   1572   rundll32.exe   rundll32.exe
PID 1572 wrote to memory of 1620   1572   rundll32.exe   rundll32.exe
PID 1572 wrote to memory of 1620   1572   rundll32.exe   rundll32.exe
PID 1572 wrote to memory of 1620   1572   rundll32.exe   rundll32.exe
PID 1572 wrote to memory of 1620   1572   rundll32.exe   rundll32.exe
PID 1572 wrote to memory of 1620   1572   rundll32.exe   rundll32.exe
PID 1572 wrote to memory of 1620   1572   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06c77562bdd0cc66c87571dd9424c3c340289f3a94f458df029a536c911d0100.dll,#12⤵
  PID:1620
Network
MITRE ATT&CK Matrix
Downloads
- memory/1620-54-0x0000000075D61000-0x0000000075D63000-memory.dmp
  Filesize: 8KB