Analysis
- max time kernel: 124s
- max time network: 134s
- platform: windows10-2004_x64
- resource: win10v2004-20220721-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-07-2022 21:15
Behavioral task: behavioral1
- Sample: 5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0.dll
- Resource: win7-20220715-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0.dll
- Resource: win10v2004-20220721-en
- 1 signatures
- 150 seconds
General
- Target: 5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0.dll
- Size: 164KB
- MD5: d886d51b2540ea15d209ff230085d4e9
- SHA1: c351a44ebade3632570e67d8d1bd109848b66dd6
- SHA256: 5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0
- SHA512: 1112b4bf6f48298d23602a8a65bbacbdf4c20b37acbafecc0b995dcec99edcb4da75c1093712513e5bf87fffb9c076eb48dbf04f61ab8de239d6183d2265044b
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  - description: PID 4404 wrote to memory of 1884; pid: 4404; process: rundll32.exe; target process: rundll32.exe
  - description: PID 4404 wrote to memory of 1884; pid: 4404; process: rundll32.exe; target process: rundll32.exe
  - description: PID 4404 wrote to memory of 1884; pid: 4404; process: rundll32.exe; target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5edcad81ab74ed774fe21feccfe12ba0f1f381e0952db3a4267b671ddce5aea0.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1884-130-0x0000000000000000-mapping.dmp