Analysis
- max time kernel: 137s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 03-07-2022 18:03
Static task
static1
Behavioral task
behavioral1
Sample
3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
- Target: 3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll
- Size: 207KB
- MD5: a87641df2604d52fd9047e13dd89f63f
- SHA1: a225f12977332cdbe151664789897982ac9adcd6
- SHA256: 3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5
- SHA512: 97c24072a7656e7095a97cbdcbf7aa2a0e47b774d22b3113e63d38b3426e08a84adfe779a832accafd9a5ddfca478cf0b5a0cf23f7547ba04d64e40061a0dd03
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3988 wrote to memory of 3840 | 3988 | rundll32.exe | rundll32.exe
PID 3988 wrote to memory of 3840 | 3988 | rundll32.exe | rundll32.exe
PID 3988 wrote to memory of 3840 | 3988 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b092887a1b6ae5ee20d24eee5e2980cfb155cbbc3cf3737e6bb227f10bc90c5.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/3840-130-0x0000000000000000-mapping.dmp