Analysis
max time kernel: 70s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 24-06-2022 17:42
Static task
static1
Behavioral task
behavioral1
Sample
1884-57-0x0000000000750000-0x0000000000772000-memory.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1884-57-0x0000000000750000-0x0000000000772000-memory.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: 1884-57-0x0000000000750000-0x0000000000772000-memory.dll
Size: 136KB
MD5: 296b9adf1b5b8fa4fa5c02deb5fb0515
SHA1: 818c891d81e45ac95cd35caf61f26a73237332c8
SHA256: f0be163c78c5327c71a007534b9771057188b4799b53e810d14b88634ac53dd1
SHA512: 22e0b26a295250e8484bc5e029c194af22c67261ca448696aadeac8834109adc3ffa5b013c2153c84fef7398920fef62f2a18b80c4a14d0e1de02f0ba3c1eb46
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  description                    pid  process       target process
  PID 996 wrote to memory of 64  996  rundll32.exe  rundll32.exe
  PID 996 wrote to memory of 64  996  rundll32.exe  rundll32.exe
  PID 996 wrote to memory of 64  996  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000750000-0x0000000000772000-memory.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000750000-0x0000000000772000-memory.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/64-130-0x0000000000000000-mapping.dmp