Analysis
-
max time kernel
157s
-
max time network
195s
-
platform
windows10-2004_x64
-
resource
win10v2004-20221111-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
-
submitted
23-11-2022 19:03
Static task
static1
Behavioral task
behavioral1
Sample
056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9.dll
-
Size
3KB
-
MD5
352787f7b6f26d277dba2757a95dddf3
-
SHA1
20e9ac1f440e7e3f290d7607add5ad227a9d6075
-
SHA256
056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9
-
SHA512
ee91d8a7e960a117d9852a5901233e417eb87dd28096912afdf9553d7069e829bcb3f5fa3e0673edeaf6e316e355f1d9775f5bfb71d656e707b37ca11a7221df
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3680 wrote to memory of 3208 | 3680 | rundll32.exe | rundll32.exe
PID 3680 wrote to memory of 3208 | 3680 | rundll32.exe | rundll32.exe
PID 3680 wrote to memory of 3208 | 3680 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\056a31035a7bc594bcf1ef659337bbeb66bf9ec4f36fb831e8c674b78a89faa9.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/3208-132-0x0000000000000000-mapping.dmp