Analysis
-
max time kernel
8s
-
max time network
20s
-
platform
windows10-2004_x64
-
resource
win10v2004-en-20220113
-
submitted
18-01-2022 22:49
Static task
static1
Behavioral task
behavioral1
Sample
2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5.dll
-
Size
631KB
-
MD5
8d5c6e4740c3d5bfd4af757183c6d4eb
-
SHA1
c9a71d57e1a35b09710753bed9e487d62b37e853
-
SHA256
2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5
-
SHA512
3285875126af8c441a2a7d97d62cb128ff827aae313d4b652ef06632e6b6961e6aba71d4d870e27d7995c030ae5d295f802dae28b250550d195bfb0531d23cfa
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2900 wrote to memory of 2912 | 2900 | rundll32.exe | rundll32.exe
PID 2900 wrote to memory of 2912 | 2900 | rundll32.exe | rundll32.exe
PID 2900 wrote to memory of 2912 | 2900 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ce9e4d223ed50fae1e7ebffca322223d0a790c741cf7a420c4bd7ce396942d5.dll,#12