Analysis
-
max time kernel
112s
-
max time network
149s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220414-en
-
submitted
21-05-2022 19:24
Static task
static1
Behavioral task
behavioral1
Sample
14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll
-
Size
24KB
-
MD5
c5cf6e70d5a5c489aa1c0326799dbe90
-
SHA1
a94ed3d673261d62f2959979272d8c8d17e6e7f3
-
SHA256
14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e
-
SHA512
7d9422e35d71a691c9cc62d4cbecb5f6b02d7754c348f0bd7a1085200d70624cf4b27e17804f7a069b5ae0b3a0e657693b7206a4a2ca8b5ed79bd71d9dc098f1
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1528 wrote to memory of 4888 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 4888 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 4888 | 1528 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4888-130-0x0000000000000000-mapping.dmp