Analysis
max time kernel: 139s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-08-2022 13:24
Behavioral task: behavioral1
Sample: 6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll
Resource: win7-20220718-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll
Resource: win10v2004-20220721-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll
Size: 110KB
MD5: 32cd4b21204a9e867088e41a0be8f6aa
SHA1: 21f622535ca5ed8c0670382c420d380ba4a41799
SHA256: 6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2
SHA512: fc2787ea656668f217607892b704d3d0fd858c023912f78854317d9e91b97f19143f2f1cdc0be3fcd2f51595d03cf356c2ecdec87570f6ac6b3795210b3c375c
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1528 wrote to memory of 2112 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 2112 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 2112 | 1528 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
memory/2112-130-0x0000000000000000-mapping.dmp