Analysis
- max time kernel: 92s
- max time network: 161s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 24-05-2022 03:27
Static task: static1
Behavioral task: behavioral1
- Sample: 14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed.dll
- Resource: win7-20220414-en, windows7_x64
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: 14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed.dll
- Resource: win10v2004-20220414-en, windows10-2004_x64
- 0 signatures, 0 seconds
General
- Target: 14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed.dll
- Size: 164KB
- MD5: a18e52d3d7d3fd43ba2597885bde3557
- SHA1: d3741d23082b547af6b1423ce65a8ca3ab37908d
- SHA256: 14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed
- SHA512: 2efc5c538cf97142e2a2995777132a5b5606ae1db86882e527f30b3deea60f53c5e5f16c9137dfbfb9e34f114a01adbc571fed6c7bfbfd0b5f94da2af26b858c
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1196 wrote to memory of 5012 | 1196 | rundll32.exe | rundll32.exe |
| PID 1196 wrote to memory of 5012 | 1196 | rundll32.exe | rundll32.exe |
| PID 1196 wrote to memory of 5012 | 1196 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14d0735833c45afd0ada836124e4ef6876ec6b6ead4f0eae3b83d3a2f5a521ed.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/5012-130-0x0000000000000000-mapping.dmp