Analysis
-
max time kernel
146s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
23-11-2022 16:58
Static task
static1
Behavioral task
behavioral1
Sample
3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05.dll
-
Size
3KB
-
MD5
4949bf97ced872b49c37c7133dfcfe00
-
SHA1
02c6f063cfb44a155bb033bcf5d7b6e333f4d158
-
SHA256
3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05
-
SHA512
aacb5b740a6a618a7c551bdb48da4c059211dc39e57006b75094eae604f06a28f047de1fab13f61bb6e9d553660a56af7c1b7e8cea597c37ec6e147cb47ab4f8
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description                       pid   process       target process
PID 4844 wrote to memory of 4548  4844  rundll32.exe  rundll32.exe
PID 4844 wrote to memory of 4548  4844  rundll32.exe  rundll32.exe
PID 4844 wrote to memory of 4548  4844  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3def1279f1f9bbcdb8dfe270af57818df2421e3be3bfd43c01017d8e34b74e05.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/4548-132-0x0000000000000000-mapping.dmp