Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 11-07-2022 11:37
Static task
static1
Behavioral task
behavioral1
Sample
f2930620f8d2059149b284d2a04990d8cbc6690f.dll
Resource
win7-20220414-en
0 signatures
0 seconds
General
Target: f2930620f8d2059149b284d2a04990d8cbc6690f.dll
Size: 3.6MB
MD5: 741f7fd6af800ba69ccc3d4255da8ddd
SHA1: f2930620f8d2059149b284d2a04990d8cbc6690f
SHA256: 50d68a1b46f0ff39819073c387dd61d47f45965ebe1cdff323954d94692510e5
SHA512: 22a3da0fbc1ae353a80243083977e64eacd47458b984af6ae659444dfdc070ba728be8a4dd7f68f37bcb3ab1b260ea99b4b1492a21d12f0a125319f746b28059
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1668 wrote to memory of 2016 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 2016 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 2016 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 2016 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 2016 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 2016 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 2016 | 1668 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2930620f8d2059149b284d2a04990d8cbc6690f.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2930620f8d2059149b284d2a04990d8cbc6690f.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2016-54-0x0000000000000000-mapping.dmp
-
memory/2016-55-0x0000000075BF1000-0x0000000075BF3000-memory.dmp
Filesize: 8KB
-
memory/2016-56-0x0000000074A60000-0x00000000753BC000-memory.dmp
Filesize: 9.4MB
-
memory/2016-57-0x0000000073930000-0x000000007428C000-memory.dmp
Filesize: 9.4MB
-
memory/2016-58-0x0000000073930000-0x000000007428C000-memory.dmp
Filesize: 9.4MB