Analysis
-
max time kernel
4294181s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20220310-en -
submitted
19-03-2022 13:24
Behavioral task
behavioral1
Sample
f88a5721a24ddb40f6b86c2f6484caa1260aa85b7f07da5c7f0bd7f2d8345227.dll
Resource
win7-20220310-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
f88a5721a24ddb40f6b86c2f6484caa1260aa85b7f07da5c7f0bd7f2d8345227.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
f88a5721a24ddb40f6b86c2f6484caa1260aa85b7f07da5c7f0bd7f2d8345227.dll
-
Size
2.2MB
-
MD5
692df72be8ad5ab91b5c0ca623f81958
-
SHA1
c68ebdb554642a52a833ee6b2c4d9e86eb2fb4ed
-
SHA256
f88a5721a24ddb40f6b86c2f6484caa1260aa85b7f07da5c7f0bd7f2d8345227
-
SHA512
8d0b45974c8ee508f5bb15eb4cbd553176c06531864ce40a5438352d82b683ec15174813329b71a7a79ad04aeca9d1e69139448f071e4e49dbe363b39d9023f5
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1744 wrote to memory of 1856 | 1744 | rundll32.exe | rundll32.exe
PID 1744 wrote to memory of 1856 | 1744 | rundll32.exe | rundll32.exe
PID 1744 wrote to memory of 1856 | 1744 | rundll32.exe | rundll32.exe
PID 1744 wrote to memory of 1856 | 1744 | rundll32.exe | rundll32.exe
PID 1744 wrote to memory of 1856 | 1744 | rundll32.exe | rundll32.exe
PID 1744 wrote to memory of 1856 | 1744 | rundll32.exe | rundll32.exe
PID 1744 wrote to memory of 1856 | 1744 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f88a5721a24ddb40f6b86c2f6484caa1260aa85b7f07da5c7f0bd7f2d8345227.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f88a5721a24ddb40f6b86c2f6484caa1260aa85b7f07da5c7f0bd7f2d8345227.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1856-54-0x0000000075441000-0x0000000075443000-memory.dmp
Filesize
8KB