Analysis
- max time kernel: 8s
- max time network: 14s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 20-01-2022 05:00
Static task: static1
Behavioral task: behavioral1
- Sample: 1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49.dll
- Resource: win7-en-20211208 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49.dll
- Resource: win10v2004-en-20220113 (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49.dll
- Size: 628KB
- MD5: e3639b7a074b4349f96e9dcf59c22cde
- SHA1: 36ebed9ab3e530752a49658f76cf6c26bbebbd97
- SHA256: 1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49
- SHA512: 49042451af9bc8bc383bc9eff248447fda7c0437941a1e6f2a97276d9d9aee464045423e594084fb4865e997a7f5db82baf066244faf94e1e24f74a6cfc45083
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3152 wrote to memory of 1696 | 3152 | rundll32.exe | rundll32.exe
PID 3152 wrote to memory of 1696 | 3152 | rundll32.exe | rundll32.exe
PID 3152 wrote to memory of 1696 | 3152 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d735649a27067b1397141a75e74e858c62457d05aa6be1d69b17d4e1835db49.dll,#1