Analysis

  • max time kernel
    4294179s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    23/03/2022, 02:20

General

  • Target

    1652-56-0x0000000000160000-0x000000000016E000-memory.dll

  • Size

    56KB

  • MD5

    de066a81a5888119f7074d7f3fcde32a

  • SHA1

    0da1a543e1906f621d17835d73d84e1ea92dac43

  • SHA256

    40a78495d842f1f74502318cebe8cc5551a80b7d1f947b6ddba2b27e839eaed0

  • SHA512

    c9925558f41f15c5c65fe5324c4ecdee4295f25192ef3ac556477a06e22de50f037c585ffe645d536cde746f62cc553be4b63c85b174b0a3592c27565f84a7af

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1652-56-0x0000000000160000-0x000000000016E000-memory.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1652-56-0x0000000000160000-0x000000000016E000-memory.dll,#1
      2⤵
        PID:1104

    Network

          MITRE ATT&CK Matrix

          Downloads

          • memory/1104-55-0x0000000074F31000-0x0000000074F33000-memory.dmp

            Filesize

            8KB