Analysis
max time kernel: 117s
max time network: 117s
platform: windows7_x64
resource: win7-en-20211208
submitted: 01-02-2022 12:40
Static task: static1

Behavioral task: behavioral1
Sample: ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8.dll
Resource: win7-en-20211208, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8.dll
Resource: win10v2004-en-20220113, windows10-2004_x64
0 signatures
0 seconds

General
Target: ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8.dll
Size: 6KB
MD5: 1cd6aba7a98a884da1b038bb5d74071d
SHA1: a113d6af994fdd81c70b9cf5b8a3f11819c7c568
SHA256: ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8
SHA512: be08ebed96c90640d5e90e7ab43c29e5c0ba4a0a7c16c6db10ae3de4b84f27e5347170a97cfa99fa9493f42fd3ea32c79f437fabd9fb1dc0bd2292d882f3f7e8
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                        pid   process       target process
PID 1268 wrote to memory of 1292   1268  rundll32.exe  rundll32.exe
PID 1268 wrote to memory of 1292   1268  rundll32.exe  rundll32.exe
PID 1268 wrote to memory of 1292   1268  rundll32.exe  rundll32.exe
PID 1268 wrote to memory of 1292   1268  rundll32.exe  rundll32.exe
PID 1268 wrote to memory of 1292   1268  rundll32.exe  rundll32.exe
PID 1268 wrote to memory of 1292   1268  rundll32.exe  rundll32.exe
PID 1268 wrote to memory of 1292   1268  rundll32.exe  rundll32.exe

Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8.dll,#11
- Suspicious use of WriteProcessMemory
PID:1268
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8.dll,#12
PID:1292