Analysis
max time kernel
142s
max time network
139s
platform
windows7_x64
resource
win7-en-20211208
submitted
03-02-2022 10:58
Static task
static1
Behavioral task
behavioral1
Sample
525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a.dll
Resource
win10v2004-en-20220112
windows10-2004_x64
0 signatures
0 seconds
General
Target
525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a.dll
Size
15.7MB
MD5
0917fa630a2362b243048a1fbb6123a7
SHA1
03cf1586257c0d97e1ea163a300ef1d40b6495ec
SHA256
525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a
SHA512
6db97f3670c5aebc0e5e203d43ef6b6fcedd5a30f57e61af18052c50a8a59132a39fb4faa8adadbc2b458e4d8f49a43e4d20f3af2afba1c8e9add319f3da8f5c
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1348 wrote to memory of 884 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 884 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 884 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 884 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 884 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 884 | 1348 | rundll32.exe | rundll32.exe
PID 1348 wrote to memory of 884 | 1348 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\525e65171ae087a5d835f7e3838101c81fa88390c498011891f44e67b3983c7a.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
memory/884-54-0x0000000075D61000-0x0000000075D63000-memory.dmp
Filesize
8KB