Analysis
max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-en-20211208
submitted
27-12-2021 09:13
Behavioral task
behavioral1
Sample
tmp/4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
tmp/4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target
tmp/4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe.dll
Size
132KB
MD5
7eff73c1b8448ce059f5b3be69ca05ca
SHA1
e7e851d35d466ce5302531749df6bcc8dcb46d6d
SHA256
4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d
SHA512
da95c4518f109ef36ff09f7f468f8afc92f44686346ee0546be276fb9d77cecba7c60955d1a4ed170c7446bdd40fd0791ceb57e77531f13f1e33f221aec72b38
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1564 wrote to memory of 1552 | 1564 | rundll32.exe | rundll32.exe
PID 1564 wrote to memory of 1552 | 1564 | rundll32.exe | rundll32.exe
PID 1564 wrote to memory of 1552 | 1564 | rundll32.exe | rundll32.exe
PID 1564 wrote to memory of 1552 | 1564 | rundll32.exe | rundll32.exe
PID 1564 wrote to memory of 1552 | 1564 | rundll32.exe | rundll32.exe
PID 1564 wrote to memory of 1552 | 1564 | rundll32.exe | rundll32.exe
PID 1564 wrote to memory of 1552 | 1564 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmp\4301e7b9930f5dd947d54f9f3bf287eb4e925c31942ecf0eab4a0c79c29fd39d.exe.dll,#12