Analysis
- max time kernel: 117s
- max time network: 132s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 24-01-2022 01:44
Static task
- static1
Behavioral task
- behavioral1
  Sample: 7d31ae49957f0a4389a5de3f080efb05d00d33957a53dfd7250f08dffe806b2a.dll
  Resource: win7-en-20211208
  windows7_x64
  0 signatures
  0 seconds
Behavioral task
- behavioral2
  Sample: 7d31ae49957f0a4389a5de3f080efb05d00d33957a53dfd7250f08dffe806b2a.dll
  Resource: win10-en-20211208
  windows10_x64
  0 signatures
  0 seconds
General
- Target: 7d31ae49957f0a4389a5de3f080efb05d00d33957a53dfd7250f08dffe806b2a.dll
- Size: 164KB
- MD5: ccd05cef5c5bca8f1b3e9d3ff6485671
- SHA1: 1cfa8ad80961131bc0ce8d3693c36207e108240d
- SHA256: 7d31ae49957f0a4389a5de3f080efb05d00d33957a53dfd7250f08dffe806b2a
- SHA512: 74950fc69dc2ab4b1f062c3acc8dd643fe33ebaef7cc813215542ff9de2d9fdaa72433a0e8d1e866f5c7c47bdf392e704191dfcafcf4447a1db2b76941914829
Score
1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes: rundll32.exe
  pid  process
  744  rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description                     pid  process       target process
  PID 964 wrote to memory of 744  964  rundll32.exe  rundll32.exe
  PID 964 wrote to memory of 744  964  rundll32.exe  rundll32.exe
  PID 964 wrote to memory of 744  964  rundll32.exe  rundll32.exe
  PID 964 wrote to memory of 744  964  rundll32.exe  rundll32.exe
  PID 964 wrote to memory of 744  964  rundll32.exe  rundll32.exe
  PID 964 wrote to memory of 744  964  rundll32.exe  rundll32.exe
  PID 964 wrote to memory of 744  964  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d31ae49957f0a4389a5de3f080efb05d00d33957a53dfd7250f08dffe806b2a.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:964
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d31ae49957f0a4389a5de3f080efb05d00d33957a53dfd7250f08dffe806b2a.dll,#12⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:744