Analysis
- max time kernel: 107s
- max time network: 115s
- platform: windows10-2004_x64
- resource: win10v2004-20220721-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-07-2022 16:49
Behavioral task: behavioral1
- Sample: 604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80.dll
- Resource: win7-20220715-en (windows7-x64)
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80.dll
- Resource: win10v2004-20220721-en (windows10-2004-x64)
- 1 signatures
- 150 seconds
General
- Target: 604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80.dll
- Size: 67KB
- MD5: 3204a2da3b1729994bdb30ee2ac1c590
- SHA1: 4b787542f8749d3d3765e1ae34239d5b0f484641
- SHA256: 604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80
- SHA512: c81ff393929b522f1bf8fe1a47c554cf3a92cdfe9e54f2a3aeee159e7c8c07453533c67c462fdd0455f13204cbdae306d82b7cd00cbce52090033d36e79bcdd9
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  Columns: description; pid; process; target process
  - PID 4336 wrote to memory of 3148; 4336; rundll32.exe; rundll32.exe
  - PID 4336 wrote to memory of 3148; 4336; rundll32.exe; rundll32.exe
  - PID 4336 wrote to memory of 3148; 4336; rundll32.exe; rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\604c2ab0a2b912406141d5fdf587ebe1b88347a32523a82c6fbcaf922ae4ed80.dll,#1
Network
MITRE ATT&CK Matrix
Downloads
- memory/3148-130-0x0000000000000000-mapping.dmp