Analysis
max time kernel: 122s
max time network: 137s
platform: windows7_x64
resource: win7-en-20211208
submitted: 24-01-2022 01:38
Static task: static1

Behavioral task: behavioral1
Sample: 8a43b042a95595a00bb4ddef4cddc3a164b38ef0dbd3818f896aa42657c08374.dll
Resource: win7-en-20211208, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 8a43b042a95595a00bb4ddef4cddc3a164b38ef0dbd3818f896aa42657c08374.dll
Resource: win10-en-20211208, windows10_x64
0 signatures
0 seconds
General
Target: 8a43b042a95595a00bb4ddef4cddc3a164b38ef0dbd3818f896aa42657c08374.dll
Size: 164KB
MD5: 53b5ee7a1b766ee06a8227bb0808f140
SHA1: 8de198317b0fc937cf0f3b679ca12b0994d05583
SHA256: 8a43b042a95595a00bb4ddef4cddc3a164b38ef0dbd3818f896aa42657c08374
SHA512: a497a71ac75e77646a414b04a07a60a1a57bf956a481c479980c9a6b0f9779af8f0347e8cf6870c381580fd2c72d408bbb963712f1b7c31e2f920de4b131e0c9
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1668 wrote to memory of 1620 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1620 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1620 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1620 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1620 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1620 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 1620 | 1668 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a43b042a95595a00bb4ddef4cddc3a164b38ef0dbd3818f896aa42657c08374.dll,#1
Suspicious use of WriteProcessMemory
PID: 1668
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a43b042a95595a00bb4ddef4cddc3a164b38ef0dbd3818f896aa42657c08374.dll,#1
    PID: 1620