Analysis
- max time kernel: 81s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-11-2022 00:40
Static task
- static1

Behavioral task
- behavioral1
  Sample: 8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll
  Resource: win7-20221111-en (windows7-x64)
  1 signatures, 150 seconds

Behavioral task
- behavioral2
  Sample: 8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll
  Resource: win10v2004-20220901-en (windows10-2004-x64)
  1 signatures, 150 seconds
General
- Target: 8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll
- Size: 3KB
- MD5: 005106f7588d9e416bb7c66ce3b0a960
- SHA1: 6d3428acbeba4725bce8b876662b9a10c0b97fd0
- SHA256: 8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec
- SHA512: fa80f73426b88200d17071bc235dfa890792e260b150318175cf6c4560f8e725748cfaaac3da19133d2d499ef003fdca46fca9fc774d02ca33023f58b312d169

Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 3248 wrote to memory of 4100 | 3248 | rundll32.exe | rundll32.exe
  PID 3248 wrote to memory of 4100 | 3248 | rundll32.exe | rundll32.exe
  PID 3248 wrote to memory of 4100 | 3248 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
- memory/4100-132-0x0000000000000000-mapping.dmp