Analysis
max time kernel: 3s
max time network: 15s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 05-02-2022 08:12
Behavioral task
behavioral1
Sample
f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
Target: f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a.dll
Size: 581KB
MD5: 0e46dbfab22c5844c4a72412ab09b42c
SHA1: 3f5e160e703675cb5e95b8e9dbc85ef61ad08386
SHA256: f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a
SHA512: 40afefb607db78b8d998d34bcb89140f95f681238a0def8e7afed1004059b3ca10e21b7997e9f5c8deee0263ea908b78df86228c167fa3ada60d30dd471983b6
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4732 wrote to memory of 4952 | 4732 | rundll32.exe | rundll32.exe
PID 4732 wrote to memory of 4952 | 4732 | rundll32.exe | rundll32.exe
PID 4732 wrote to memory of 4952 | 4732 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f00e493560742bfb091591f3bd2dac32fa74de72bd9949e6ad7a0e255193e20a.dll,#12⤵