Analysis
-
max time kernel
4294063s -
max time network
114s -
platform
windows7_x64 -
resource
win7-20220311-en -
submitted
20-03-2022 03:33
Behavioral task
behavioral1
Sample
7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f.dll
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
General
-
Target
7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f.dll
-
Size
2.5MB
-
MD5
d2fd1958fbd742713a8d6d6f0380737c
-
SHA1
96cef29e960e1ec4daa42cc3d46925c355cf0491
-
SHA256
7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f
-
SHA512
ba5e29eeaf4b7b3960c52c9a3b62de68cf336f033883da3b440e460ff9d222272bda4c425717665efedf60f6083b359763dc9190b16a81ee3f65c52478b23eb2
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1328 wrote to memory of 1492 | 1328 | rundll32.exe | rundll32.exe
PID 1328 wrote to memory of 1492 | 1328 | rundll32.exe | rundll32.exe
PID 1328 wrote to memory of 1492 | 1328 | rundll32.exe | rundll32.exe
PID 1328 wrote to memory of 1492 | 1328 | rundll32.exe | rundll32.exe
PID 1328 wrote to memory of 1492 | 1328 | rundll32.exe | rundll32.exe
PID 1328 wrote to memory of 1492 | 1328 | rundll32.exe | rundll32.exe
PID 1328 wrote to memory of 1492 | 1328 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7977254e16954c30b9d5b9df44d7f64a5c31b02b7f0b5914bcf38cf58629788f.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1492-54-0x0000000075561000-0x0000000075563000-memory.dmp
Filesize
8KB