Analysis
- max time kernel: 118s
- max time network: 128s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 24-01-2022 01:24
Static task
- static1

Behavioral task
- behavioral1
- Sample: a683598387e9e27fb515703b28b7d7abff0f38c78b172c148a4cc71339896cf2.dll
- Resource: win7-en-20211208 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task
- behavioral2
- Sample: a683598387e9e27fb515703b28b7d7abff0f38c78b172c148a4cc71339896cf2.dll
- Resource: win10-en-20211208 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: a683598387e9e27fb515703b28b7d7abff0f38c78b172c148a4cc71339896cf2.dll
- Size: 164KB
- MD5: 63b4982a662c0de086d77a627a8765b1
- SHA1: fc4fd68c29463a123891158bbad80f581a12473a
- SHA256: a683598387e9e27fb515703b28b7d7abff0f38c78b172c148a4cc71339896cf2
- SHA512: 5b8a953f8aee68f932477d203c9ddb1f8a0c77cc548a8c004ae972ad2886c076088c2f0b808d0b026607a78b573e18781f9a2fb3fc456a4ad477e858853eae92

Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
| PID 1604 wrote to memory of 1332 | 1604 | rundll32.exe | rundll32.exe |
| PID 1604 wrote to memory of 1332 | 1604 | rundll32.exe | rundll32.exe |
| PID 1604 wrote to memory of 1332 | 1604 | rundll32.exe | rundll32.exe |
| PID 1604 wrote to memory of 1332 | 1604 | rundll32.exe | rundll32.exe |
| PID 1604 wrote to memory of 1332 | 1604 | rundll32.exe | rundll32.exe |
| PID 1604 wrote to memory of 1332 | 1604 | rundll32.exe | rundll32.exe |
| PID 1604 wrote to memory of 1332 | 1604 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a683598387e9e27fb515703b28b7d7abff0f38c78b172c148a4cc71339896cf2.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 1604
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a683598387e9e27fb515703b28b7d7abff0f38c78b172c148a4cc71339896cf2.dll,#12
    PID: 1332