Analysis
- max time kernel: 117s
- max time network: 117s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 01-02-2022 10:45
Behavioral task
behavioral1
Sample
21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028.dll
Resource
win7-en-20211208
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028.dll
Resource
win10v2004-en-20220112
0 signatures
0 seconds
General
- Target: 21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028.dll
- Size: 53KB
- MD5: 8fef088246f4bb2e5ce12600799ddd12
- SHA1: 9dc3e57e33f7cbc4b0ca75b071d7bfadab509f1f
- SHA256: 21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028
- SHA512: d591f169ffdb45f4c4da095a90038fb35bc0ac777c086ae284b851c69d5d6acf02ef9ea15600cb39ef7f9458458fdab2517d2144d9db3f2638a6a03450e591d5
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1520 wrote to memory of 1684 | 1520 | rundll32.exe | rundll32.exe
PID 1520 wrote to memory of 1684 | 1520 | rundll32.exe | rundll32.exe
PID 1520 wrote to memory of 1684 | 1520 | rundll32.exe | rundll32.exe
PID 1520 wrote to memory of 1684 | 1520 | rundll32.exe | rundll32.exe
PID 1520 wrote to memory of 1684 | 1520 | rundll32.exe | rundll32.exe
PID 1520 wrote to memory of 1684 | 1520 | rundll32.exe | rundll32.exe
PID 1520 wrote to memory of 1684 | 1520 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21a03d9c845e446cb96eba7c93aa6403b8a9aaa744801e77468bf73c0507d028.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1684-54-0x0000000075D61000-0x0000000075D63000-memory.dmp
Filesize
8KB