Analysis
max time kernel
188s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted
24-11-2022 00:40
Static task
static1
Behavioral task
behavioral1
Sample
8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011.dll
Size
3KB
MD5
2855444a80d93b4a970a911dae18d560
SHA1
1f4bad1ed466d4ed2d07c2bbdd16995633ac17ea
SHA256
8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011
SHA512
15f530d285b0189df069691ee6fbbb865a0fde0d51290591a9415bc1d1680a202c57bed42fb404d3c98eb807319672f3bca42d68d02a7eeaa4441fde1cb944f2
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  description | pid | process | target process
  PID 864 wrote to memory of 1496 | 864 | rundll32.exe | rundll32.exe
  PID 864 wrote to memory of 1496 | 864 | rundll32.exe | rundll32.exe
  PID 864 wrote to memory of 1496 | 864 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8552852bb39be58614538a95017e9cba3282db830bbe0c220ae112edf3399011.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1496-132-0x0000000000000000-mapping.dmp