Analysis
max time kernel
121s
max time network
141s
platform
windows10_x64
resource
win10-en-20211208
submitted
24-01-2022 00:41
Static task
static1
Behavioral task
behavioral1
Sample
f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target
f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f.dll
Size
115KB
MD5
77c190d6eff1be7b709126dc1bbf6b06
SHA1
4ebe857ebcade6858165c090f613273a5f5f9e8e
SHA256
f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f
SHA512
177ae0711fb57138554589ad405e30ad1f10b9006dc64d8e8305365d11d886cc3d8845bdb473da3b69d0eb9eb762f20943a7ba5fb3947edf5c283362b7d59863
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 3924 wrote to memory of 3732 | 3924 | rundll32.exe | rundll32.exe
PID 3924 wrote to memory of 3732 | 3924 | rundll32.exe | rundll32.exe
PID 3924 wrote to memory of 3732 | 3924 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f.dll,#1
- Suspicious use of WriteProcessMemory
PID:3924
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b7313bef7299ae65230408673301494adcbd71bbb726681b6cdd1d241f8e1f.dll,#1
    PID:3732