Analysis
- max time kernel: 90s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 20-04-2022 16:51
Static task: static1
Behavioral task: behavioral1
- Sample: af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58.dll
- Size: 12KB
- MD5: 67e0f8f9549ff5028bdb2119a784896d
- SHA1: 939b3c765a5bba9d36ce2b35996d76f08fc56f0d
- SHA256: af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58
- SHA512: 2497f9fa0af42f2c032572b19e71b8a49478a3b50b6c6ecd59ef7cafcea37030ec94d55f3c0c0800439d5dc7388993c288bbffb1128a3827cfcec341ab1a8194
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 4928 wrote to memory of 4756 | 4928 | rundll32.exe | rundll32.exe |
  | PID 4928 wrote to memory of 4756 | 4928 | rundll32.exe | rundll32.exe |
  | PID 4928 wrote to memory of 4756 | 4928 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af939094a2d279307853f109fc6e468ea59afdddafb83e7f346c3e66075d0a58.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/4756-130-0x0000000000000000-mapping.dmp