Analysis
-
max time kernel
121s -
max time network
128s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
01-02-2022 12:40
Static task
static1
Behavioral task
behavioral1
Sample
c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c.dll
-
Size
6KB
-
MD5
f2ba03482cd57eef76f80554374f8a5c
-
SHA1
417560cea970e841fa0d83db73f2e894fa4d261c
-
SHA256
c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c
-
SHA512
925a08250e459adbcdf7e4753bfcae44ee03be04f3d6da698e2c3c18f6777dafa5229307f1fb7acf2428576c36ac64fbba2a9e7686f8e3822219ad0932eaa974
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1220 wrote to memory of 1412 1220 rundll32.exe 27 PID 1220 wrote to memory of 1412 1220 rundll32.exe 27 PID 1220 wrote to memory of 1412 1220 rundll32.exe 27 PID 1220 wrote to memory of 1412 1220 rundll32.exe 27 PID 1220 wrote to memory of 1412 1220 rundll32.exe 27 PID 1220 wrote to memory of 1412 1220 rundll32.exe 27 PID 1220 wrote to memory of 1412 1220 rundll32.exe 27
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1220 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c.dll,#12⤵PID:1412
-