Analysis
- max time kernel: 176s
- max time network: 188s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
- submitted: 23-11-2022 15:49
Static task
static1
Behavioral task
behavioral1
Sample
8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
1 signatures
150 seconds
General
- Target: 8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332.dll
- Size: 3KB
- MD5: 45624fd0c5afa5c132a24333079db0e0
- SHA1: bfa7fc25c7898e5bdf2f69f5e2f41af1eedc359b
- SHA256: 8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332
- SHA512: 09a04f9f20171af15382025b55fa5d8e595e3a8805ba7fd246cce14fa0e9d4d9473688a83943406fef4a5ce3b44770d138a140af7eddc960632d5a9624e967c9
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2884 wrote to memory of 4960 | 2884 | rundll32.exe | rundll32.exe
PID 2884 wrote to memory of 4960 | 2884 | rundll32.exe | rundll32.exe
PID 2884 wrote to memory of 4960 | 2884 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8250a7f9190a6ecf4bc6d19c35af3ee7cc7c242cd02d239e3fa093225f76e332.dll,#12⤵
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4960-132-0x0000000000000000-mapping.dmp