Analysis
- max time kernel: 93s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 11-07-2022 20:52
Static task: static1
Behavioral task: behavioral1
- Sample: 1884-57-0x0000000000330000-0x0000000000352000-memory.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 1884-57-0x0000000000330000-0x0000000000352000-memory.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 1884-57-0x0000000000330000-0x0000000000352000-memory.dll
- Size: 136KB
- MD5: 08a03d4d271496fe89557c0f0eda4b00
- SHA1: de3f75e4857c39a1dca990b198ff08eabaeda274
- SHA256: ffc7b7eee99f5d70375bab96f19cce710513faf23f7e3b53eb3aa78a195a172a
- SHA512: c34a5d0ea614071f9c3b1ea0075d7e05fbfaf44c00b5c9c48416eb3f285ab4ac98074a2eee45b6211821a09a85599b251c8007ccc3beb6aa744f836d1208e0b3
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 432 wrote to memory of 4000 | 432 | rundll32.exe | rundll32.exe
  PID 432 wrote to memory of 4000 | 432 | rundll32.exe | rundll32.exe
  PID 432 wrote to memory of 4000 | 432 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:432
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#12⤵
    PID:4000
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4000-130-0x0000000000000000-mapping.dmp