Analysis
-
max time kernel
31s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
20-06-2023 19:35
Behavioral task
behavioral1
Sample
3087e096c2d7dc1eb89a9b1e6c769b09d0a797965a0de484d915570db49f093b.dll
Resource
win7-20230220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
3087e096c2d7dc1eb89a9b1e6c769b09d0a797965a0de484d915570db49f093b.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
3087e096c2d7dc1eb89a9b1e6c769b09d0a797965a0de484d915570db49f093b.dll
-
Size
115KB
-
MD5
699cc58bb54b49f4ea4b7b7fcf639fb4
-
SHA1
2eef07637e3292a92b5c20c050045ac4913ab500
-
SHA256
3087e096c2d7dc1eb89a9b1e6c769b09d0a797965a0de484d915570db49f093b
-
SHA512
9e2fc448a5b365802b4bc37d6c30b46c1ec6af11a388860f3569a0725f978ea31d6cdd5b59a72147a742e5ee3a77489bf479428c82d7669ac4fc94e7342aaeb8
-
SSDEEP
3072:enCpVlW+OfRFTXf+BZFjlplN+GPeunK9AiOuP:PVPwyUQRK2/
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1736 wrote to memory of 1304 | 1736 | rundll32.exe | rundll32.exe
PID 1736 wrote to memory of 1304 | 1736 | rundll32.exe | rundll32.exe
PID 1736 wrote to memory of 1304 | 1736 | rundll32.exe | rundll32.exe
PID 1736 wrote to memory of 1304 | 1736 | rundll32.exe | rundll32.exe
PID 1736 wrote to memory of 1304 | 1736 | rundll32.exe | rundll32.exe
PID 1736 wrote to memory of 1304 | 1736 | rundll32.exe | rundll32.exe
PID 1736 wrote to memory of 1304 | 1736 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3087e096c2d7dc1eb89a9b1e6c769b09d0a797965a0de484d915570db49f093b.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1736 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3087e096c2d7dc1eb89a9b1e6c769b09d0a797965a0de484d915570db49f093b.dll,#12⤵
PID:1304
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1304-54-0x0000000000340000-0x00000000003B0000-memory.dmp
Filesize
448KB