Analysis
max time kernel: 6s
max time network: 23s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 01-02-2022 06:21
Behavioral task
behavioral1
Sample
5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
Target: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll
Size: 489KB
MD5: 773ddf5b1f3c6aed86f5a6d5e47d6cf0
SHA1: 6b78117fdebf7ecd999bed5c80c1eedad38d7307
SHA256: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e
SHA512: b93ffe3295f70b0e6983e2464809586bae36f46057728a1118f0e55ab5aa41e8e8bf598d32075ea6250136332fe3fce2ec62a183d1a549b811bfac44177d1d08
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 3576 wrote to memory of 3208   3576   rundll32.exe   rundll32.exe
PID 3576 wrote to memory of 3208   3576   rundll32.exe   rundll32.exe
PID 3576 wrote to memory of 3208   3576   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll,#12⤵