Analysis
-
max time kernel
158s
-
max time network
164s
-
platform
windows10-2004_x64
-
resource
win10v2004-20220414-en
-
submitted
29-05-2022 16:24
Static task
static1
Behavioral task
behavioral1
Sample
0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
-
Target
0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708.dll
-
Size
198KB
-
MD5
0680fe53376730d44f9878e0ebeef36d
-
SHA1
a327a919d0234adfdccc84c407b030d46223cd22
-
SHA256
0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708
-
SHA512
47269daea0d7acc0fad0b876d852c5e635ed8771d75bd0410458ef329e5e2f3231cd2b21bb98de26ba1ee1c8afb7d33303df8b774a0f8b17dca53af052197e75
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1216 wrote to memory of 1596 | 1216 | rundll32.exe | rundll32.exe
PID 1216 wrote to memory of 1596 | 1216 | rundll32.exe | rundll32.exe
PID 1216 wrote to memory of 1596 | 1216 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dbf53264f94a98710a6c3b60b3079db318c7df92396a76efe50e1790644e708.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1596-130-0x0000000000000000-mapping.dmp