Analysis
-
max time kernel
142s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system -
submitted
04-08-2022 20:19
Behavioral task
behavioral1
Sample
530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll
Resource
win7-20220715-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll
Resource
win10v2004-20220721-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll
-
Size
110KB
-
MD5
86042406b67b22e834bcd1a7cd7ebdd1
-
SHA1
5c17cfaa8cc413e95d3b6afc912ae418c48fb465
-
SHA256
530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc
-
SHA512
c86ff54f91f2e232e22aa3d37845dbffa130504341792a096709df8ff70b55760f1e2ff817c1a13643cde3b6ac610986808fb7dab7b9a94c575350a0b3fe6240
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 4476 wrote to memory of 3128 | 4476 | rundll32.exe | rundll32.exe
PID 4476 wrote to memory of 3128 | 4476 | rundll32.exe | rundll32.exe
PID 4476 wrote to memory of 3128 | 4476 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\530b512844e279b34bc64adf339e9e5cdacc4d782624643a1c8254dc911878cc.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3128-130-0x0000000000000000-mapping.dmp