Analysis
max time kernel: 91s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 27-06-2022 11:00
Static task: static1
Behavioral task: behavioral1
Sample: 748-56-0x0000000000290000-0x00000000002B2000-memory.dll
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 748-56-0x0000000000290000-0x00000000002B2000-memory.dll
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures
0 seconds
General
Target: 748-56-0x0000000000290000-0x00000000002B2000-memory.dll
Size: 136KB
MD5: 1dde17b265e9afa2fc3000f5ab11b65f
SHA1: 34fca767e27c4b1aaaa2760f9fb3c975d97ccfb2
SHA256: 5c8f6d8af72216da0c6c5e7cafe244af6b267860c2072f6c910bc6304f184e80
SHA512: 49b0fb4f1e8b485b8cd85d7949b0690dac1ef0f6ced36900bd9061713b5223a185cdc5a29d0084cf0bb40bdb983028ca4e5c1d8fffa91254ff7b295c59ada242
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4120 wrote to memory of 2992 | 4120 | rundll32.exe | rundll32.exe
PID 4120 wrote to memory of 2992 | 4120 | rundll32.exe | rundll32.exe
PID 4120 wrote to memory of 2992 | 4120 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\748-56-0x0000000000290000-0x00000000002B2000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\748-56-0x0000000000290000-0x00000000002B2000-memory.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
- memory/2992-130-0x0000000000000000-mapping.dmp