Analysis
max time kernel: 123s
max time network: 125s
platform: windows7_x64
resource: win7-en-20211208
submitted: 29-01-2022 21:50
Static task: static1
Behavioral task: behavioral1
Sample: 84332eb92ad2cde1781383cc6b3923cf31027be28594be5567135e117b64be93.dll
Resource: win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 84332eb92ad2cde1781383cc6b3923cf31027be28594be5567135e117b64be93.dll
Resource: win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: 84332eb92ad2cde1781383cc6b3923cf31027be28594be5567135e117b64be93.dll
Size: 67KB
MD5: b5dcd230c70b652c7af3e636aea6bbb8
SHA1: 5e9a782544550e26ec37155df9852d143efeb59b
SHA256: 84332eb92ad2cde1781383cc6b3923cf31027be28594be5567135e117b64be93
SHA512: 54e687004c42cbc52e1aa7c6f9040dfdd85c8208cef1f1218b36a1edff94edbc152400750c60456c3b20902641945de48fe742f3ee8ae9385b91554931dc5f7d
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 7 IoCs
Processes: rundll32.exe
description                       pid   process       target process
PID 1964 wrote to memory of 1928  1964  rundll32.exe  rundll32.exe
PID 1964 wrote to memory of 1928  1964  rundll32.exe  rundll32.exe
PID 1964 wrote to memory of 1928  1964  rundll32.exe  rundll32.exe
PID 1964 wrote to memory of 1928  1964  rundll32.exe  rundll32.exe
PID 1964 wrote to memory of 1928  1964  rundll32.exe  rundll32.exe
PID 1964 wrote to memory of 1928  1964  rundll32.exe  rundll32.exe
PID 1964 wrote to memory of 1928  1964  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\84332eb92ad2cde1781383cc6b3923cf31027be28594be5567135e117b64be93.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:1964
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\84332eb92ad2cde1781383cc6b3923cf31027be28594be5567135e117b64be93.dll,#12⤵
PID:1928