Analysis
-
max time kernel
1s
-
max time network
6s
-
platform
windows10-2004_x64
-
resource
win10v2004-en-20220113
-
submitted
20-01-2022 14:33
Static task
static1
Behavioral task
behavioral1
Sample
ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a.dll
-
Size
628KB
-
MD5
51f81eccac70d30d37eab17ebae9c02c
-
SHA1
30e4eb355e5fae3a7a61fa135fbad369fa95c446
-
SHA256
ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a
-
SHA512
254222657ba6e9b0af5198633e7eff683adc803380144a73f16391341728b8d27648beff4a97ec91b07b7cf7a5b43d5fc7576eb6c2f5eb2a11772f7f3a9324b6
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 624 wrote to memory of 4032 | 624 | rundll32.exe | rundll32.exe
PID 624 wrote to memory of 4032 | 624 | rundll32.exe | rundll32.exe
PID 624 wrote to memory of 4032 | 624 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab2c0b36b787b8d1c428c9971c8a4db76ffb03c9c3bf659aa0b03ee45e8ed58a.dll,#1