Analysis
max time kernel: 116s
max time network: 128s
platform: windows10_x64
resource: win10-en-20211208
submitted: 30-01-2022 07:55
Static task: static1
Behavioral task: behavioral1
Sample: 2ae3e572ea01749df392a54bcf685e606bbb0e69e7f0dc5ed9014203fdea619c.dll
Resource: win7-en-20211208
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 2ae3e572ea01749df392a54bcf685e606bbb0e69e7f0dc5ed9014203fdea619c.dll
Resource: win10-en-20211208
0 signatures
0 seconds
General
Target: 2ae3e572ea01749df392a54bcf685e606bbb0e69e7f0dc5ed9014203fdea619c.dll
Size: 166KB
MD5: b0202897062e62cdbf80a329b496534f
SHA1: c15ea2f6565e9aa89be81fa49a0daeb83d205014
SHA256: 2ae3e572ea01749df392a54bcf685e606bbb0e69e7f0dc5ed9014203fdea619c
SHA512: b9bc991412f76055876d18648d37763ca0437b2c70f6464c0c6d18f6d8a1fc40ddd85fcef68194b1a07f7d0eccba86605a4d2d013544372fe1093e0fe51f6211
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 2640 wrote to memory of 2680   2640   rundll32.exe   69
PID 2640 wrote to memory of 2680   2640   rundll32.exe   69
PID 2640 wrote to memory of 2680   2640   rundll32.exe   69
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ae3e572ea01749df392a54bcf685e606bbb0e69e7f0dc5ed9014203fdea619c.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2640
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ae3e572ea01749df392a54bcf685e606bbb0e69e7f0dc5ed9014203fdea619c.dll,#1
    PID: 2680