Analysis
max time kernel: 120s
max time network: 141s
platform: windows10_x64
resource: win10-en-20211208
submitted: 30-01-2022 08:00
Static task: static1

Behavioral task: behavioral1
Sample: 15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312.dll
Resource: win7-en-20211208, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312.dll
Resource: win10-en-20211208, windows10_x64
0 signatures
0 seconds
General
Target: 15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312.dll
Size: 164KB
MD5: 7e0c6108b57e5bec6f7bf6b477b9dbec
SHA1: 211401c761b575ac6b2e2d6839261a5d9b51a400
SHA256: 15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312
SHA512: 7a6a593aa90e4147270645d4d65d633c62fa7765269930df88f2f0764a53d107259c3eb9a720177875a252c9ca531eb5897c733d2e7d97f4603cd4e1cd7f14ba
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description                        pid    process        target process
PID 3912 wrote to memory of 3280   3912   rundll32.exe   rundll32.exe
PID 3912 wrote to memory of 3280   3912   rundll32.exe   rundll32.exe
PID 3912 wrote to memory of 3280   3912   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3912
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a53543bd1b08ed96142ee57a133dabd82fcce3fefcf97a81cbbe7d6f9cf312.dll,#12⤵
PID:3280