Overview

overview

10

Static

static

10

1764-57-0x...ry.dll

windows7_x64

1

1764-57-0x...ry.dll

windows10-2004_x64

1

Analysis

  • max time kernel
    91s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    12-07-2022 08:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1764-57-0x0000000000260000-0x0000000000282000-memory.dll

  • Size

    136KB

  • MD5

    525119a368b99a9120a51d790bc1ec7d

  • SHA1

    ee5a89fac6aa9b82709df6dbfb9be584295f4f37

  • SHA256

    62cac929ebf22f267a35629ff6ee5e559eebcc33041d0bfd971d85109056125c

  • SHA512

    35606c62409e660e222539fdb5c0a35fbff766a4d651de661ba2b60e57ada4908113d5ca3888f49a0f80acdbde326b9b0065ba8ab77b689fcd6b2c14c34b05cc

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4528
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4936
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1364
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4980
          • C:\Windows\SysWOW64\rundll32.exe
            rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:4564
            • C:\Windows\SysWOW64\rundll32.exe
              rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:4968
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
                7⤵
                • Suspicious use of WriteProcessMemory
                PID:3740
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
                  8⤵
                  • Suspicious use of WriteProcessMemory
                  PID:3316
                  • C:\Windows\SysWOW64\rundll32.exe
                    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
                    9⤵
                    • Suspicious use of WriteProcessMemory
                    PID:1784
                    • C:\Windows\SysWOW64\rundll32.exe
                      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
                      10⤵
                        PID:4268

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1364-131-0x0000000000000000-mapping.dmp
      Download
    • memory/1784-137-0x0000000000000000-mapping.dmp
      Download
    • memory/3316-136-0x0000000000000000-mapping.dmp
      Download
    • memory/3740-135-0x0000000000000000-mapping.dmp
      Download
    • memory/4268-138-0x0000000000000000-mapping.dmp
      Download
    • memory/4564-133-0x0000000000000000-mapping.dmp
      Download
    • memory/4936-130-0x0000000000000000-mapping.dmp
      Download
    • memory/4968-134-0x0000000000000000-mapping.dmp
      Download
    • memory/4980-132-0x0000000000000000-mapping.dmp
      Download