Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
24-12-2021 11:10
Static task
static1
Behavioral task
behavioral1
Sample
394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
-
Target
394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll
-
Size
5KB
-
MD5
d56443c835e68547256b2b8ce64fcd73
-
SHA1
ca817b7459c98c25a5d845f8734d3227430520b3
-
SHA256
394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1
-
SHA512
aae457f9b572c985e0fdd2c5d47ff3b5dae05211e53e693f261abee6c5a3ef71a02521250b19f606099e3c4e4f07ac0c7440b9a118fa075de9cd0a06f970936d
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1600 wrote to memory of 1656 1600 rundll32.exe 27 PID 1600 wrote to memory of 1656 1600 rundll32.exe 27 PID 1600 wrote to memory of 1656 1600 rundll32.exe 27 PID 1600 wrote to memory of 1656 1600 rundll32.exe 27 PID 1600 wrote to memory of 1656 1600 rundll32.exe 27 PID 1600 wrote to memory of 1656 1600 rundll32.exe 27 PID 1600 wrote to memory of 1656 1600 rundll32.exe 27
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1600 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\394a8f52740bf387008548ca3e8e47b890e3a5c5f208f5fbde6fd57e5a25bdb1.bin.dll,#12⤵PID:1656
-