Analysis
- max time kernel: 139s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 11-07-2022 17:52
Static task
static1
Behavioral task
behavioral1
Sample
1660-57-0x0000000001B40000-0x0000000001B62000-memory.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1660-57-0x0000000001B40000-0x0000000001B62000-memory.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
- Target: 1660-57-0x0000000001B40000-0x0000000001B62000-memory.dll
- Size: 136KB
- MD5: c49bc076101440704dfc5f13a65917a0
- SHA1: 670702a90bca904c78a40b06ca7d21c95f3251f5
- SHA256: 81fcf528fa920f5af4f079448113be7eb1c00300f47d8b43e7637c8e2bcfc9a1
- SHA512: 8e47821da1eb8ecc9806c8b2d1d8ea7e439cd4e2439170115501d858cacf681877969fae7141ea5768de17e45eca1bcbe6eb6dc70c20ff7c25d7eb7ebb71b7e6
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2844 wrote to memory of 380 | 2844 | rundll32.exe | rundll32.exe
PID 2844 wrote to memory of 380 | 2844 | rundll32.exe | rundll32.exe
PID 2844 wrote to memory of 380 | 2844 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1660-57-0x0000000001B40000-0x0000000001B62000-memory.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2844
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1660-57-0x0000000001B40000-0x0000000001B62000-memory.dll,#12⤵
    PID:380
Network
MITRE ATT&CK Matrix
Downloads
- memory/380-130-0x0000000000000000-mapping.dmp