Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-en-20211208
submitted: 14-12-2021 08:04
Behavioral task: behavioral1
Sample: tmp/b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll
Resource: win7-en-20211208, windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: tmp/b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll
Resource: win10-en-20211208, windows10_x64
0 signatures
0 seconds
General
Target: tmp/b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll
Size: 42KB
MD5: 82ccb90da20b65bcdad25bdd5a7d6f05
SHA1: ecea5d6a57c1e23010b45d4d04dcc1ffda19e5fe
SHA256: b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a
SHA512: d85d570d5269cfc945b764d3530680c5910b152247893f5b8a1d108a16b52704547e754d5cda59392aeb28d417ad8e0534c75cee06d3bc636190ebece4cc4a61
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1528 wrote to memory of 1584 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 1584 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 1584 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 1584 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 1584 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 1584 | 1528 | rundll32.exe | rundll32.exe
PID 1528 wrote to memory of 1584 | 1528 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\b6ae2706d2176b991b937d48bed5c4af7a76fa1a8778bb28531eddbff3ed289a.exe.dll,#12