Analysis
max time kernel: 139s
max time network: 156s
platform: windows10_x64
resource: win10-en-20211208
submitted: 24-01-2022 00:49
Static task
static1
Behavioral task
behavioral1
Sample
e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6.dll
Size: 115KB
MD5: b1ab213d39522915097480cb41fde381
SHA1: 42ad57e1377142f10372a36d996ce9f47cafeb43
SHA256: e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6
SHA512: f29d7578f0c859ac67f766d51b6824e8afd92a61aac32d630481adabc521350085924919c713ab992aaeac81b77a15314578d29858bba9bf7770273e09791895
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4056 wrote to memory of 1900 | 4056 | rundll32.exe | rundll32.exe
PID 4056 wrote to memory of 1900 | 4056 | rundll32.exe | rundll32.exe
PID 4056 wrote to memory of 1900 | 4056 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6.dll,#11
- Suspicious use of WriteProcessMemory
PID:4056
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e51298761b141f01c83299250409b3002ea8ea70cd914f959edcd5829fac9ed6.dll,#12
PID:1900