Overview

overview

10

Static

static

10

1944-57-0x...ry.dll

windows7_x64

1

1944-57-0x...ry.dll

windows10-2004_x64

1

Analysis

  • max time kernel
    90s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    27-06-2022 11:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1944-57-0x0000000000200000-0x0000000000222000-memory.dll

  • Size

    136KB

  • MD5

    39b7b2617a589066b75045b2b5be852b

  • SHA1

    0e5c116bba9fef10a5567e87369368e52a4b0631

  • SHA256

    5e27f206cca8c47995cbb6b9a3ad649d76941c48eda11ece878090ca01a54003

  • SHA512

    db939fae1e4104cc8e431b598e0ceedf78a95ac075d5e110a9e8e597cabe239e964fbd805c058df6dca0a605f72d5388e6d37be84b0249d8873778692f600cf1

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 54 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2052
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:616
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:536
          • C:\Windows\SysWOW64\rundll32.exe
            rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2784
            • C:\Windows\SysWOW64\rundll32.exe
              rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:1524
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                7⤵
                • Suspicious use of WriteProcessMemory
                PID:4268
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                  8⤵
                  • Suspicious use of WriteProcessMemory
                  PID:4160
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                    9⤵
                    • Suspicious use of WriteProcessMemory
                    PID:4216
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                      10⤵
                      • Suspicious use of WriteProcessMemory
                      PID:4252
                      • C:\Windows\SysWOW64\rundll32.exe
                        rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                        11⤵
                        • Suspicious use of WriteProcessMemory
                        PID:4960
                        • C:\Windows\SysWOW64\rundll32.exe
                          rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                          12⤵
                          • Suspicious use of WriteProcessMemory
                          PID:5004
                          • C:\Windows\SysWOW64\rundll32.exe
                            rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                            13⤵
                            • Suspicious use of WriteProcessMemory
                            PID:4720
                            • C:\Windows\SysWOW64\rundll32.exe
                              rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                              14⤵
                              • Suspicious use of WriteProcessMemory
                              PID:3544
                              • C:\Windows\SysWOW64\rundll32.exe
                                rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                                15⤵
                                • Suspicious use of WriteProcessMemory
                                PID:2556
                                • C:\Windows\SysWOW64\rundll32.exe
                                  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                                  16⤵
                                  • Suspicious use of WriteProcessMemory
                                  PID:3332
                                  • C:\Windows\SysWOW64\rundll32.exe
                                    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                                    17⤵
                                    • Suspicious use of WriteProcessMemory
                                    PID:3968
                                    • C:\Windows\SysWOW64\rundll32.exe
                                      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                                      18⤵
                                      • Suspicious use of WriteProcessMemory
                                      PID:1420
                                      • C:\Windows\SysWOW64\rundll32.exe
                                        rundll32.exe C:\Users\Admin\AppData\Local\Temp\1944-57-0x0000000000200000-0x0000000000222000-memory.dll,#1
                                        19⤵
                                          PID:3188

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/536-132-0x0000000000000000-mapping.dmp
      Download
    • memory/616-131-0x0000000000000000-mapping.dmp
      Download
    • memory/1420-146-0x0000000000000000-mapping.dmp
      Download
    • memory/1524-134-0x0000000000000000-mapping.dmp
      Download
    • memory/2052-130-0x0000000000000000-mapping.dmp
      Download
    • memory/2556-143-0x0000000000000000-mapping.dmp
      Download
    • memory/2784-133-0x0000000000000000-mapping.dmp
      Download
    • memory/3188-147-0x0000000000000000-mapping.dmp
      Download
    • memory/3332-144-0x0000000000000000-mapping.dmp
      Download
    • memory/3544-142-0x0000000000000000-mapping.dmp
      Download
    • memory/3968-145-0x0000000000000000-mapping.dmp
      Download
    • memory/4160-136-0x0000000000000000-mapping.dmp
      Download
    • memory/4216-137-0x0000000000000000-mapping.dmp
      Download
    • memory/4252-138-0x0000000000000000-mapping.dmp
      Download
    • memory/4268-135-0x0000000000000000-mapping.dmp
      Download
    • memory/4720-141-0x0000000000000000-mapping.dmp
      Download
    • memory/4960-139-0x0000000000000000-mapping.dmp
      Download
    • memory/5004-140-0x0000000000000000-mapping.dmp
      Download