Analysis
max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-en-20211208
submitted
30-01-2022 07:57
Static task
static1
Behavioral task
behavioral1
Sample
1964648e1f5546ed1080fbc26566b46ddeaa454872626df8d69b207b7a03a042.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1964648e1f5546ed1080fbc26566b46ddeaa454872626df8d69b207b7a03a042.dll
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target
1964648e1f5546ed1080fbc26566b46ddeaa454872626df8d69b207b7a03a042.dll
Size
164KB
MD5
0af67eeff2a25ebfda8f9dad73e15136
SHA1
63059028e812e75733815fa6b66a0a5ed3afe058
SHA256
1964648e1f5546ed1080fbc26566b46ddeaa454872626df8d69b207b7a03a042
SHA512
615af3ad1a2e31a3d5f48956bc82ae19bc77320aa2666ea4a37d4a1deb64fa226131b33c15f8298f7f94e4d461799d6dbdd76c979588769df45bdb16d8520695
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1636 wrote to memory of 1656 | 1636 | rundll32.exe | rundll32.exe (row listed 7 times)
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1964648e1f5546ed1080fbc26566b46ddeaa454872626df8d69b207b7a03a042.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:1636
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1964648e1f5546ed1080fbc26566b46ddeaa454872626df8d69b207b7a03a042.dll,#12⤵
PID:1656