Analysis
max time kernel
7s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
05-02-2022 10:53
Behavioral task
behavioral1
Sample
ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
Target
ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591.dll
Size
161KB
MD5
6015bbeee416d93df03e4f7c3f7c2f96
SHA1
8f26971ca886eec445006442322f656a7f27313a
SHA256
ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591
SHA512
d70d75452b28d6dbba2d182f1d4b3134d80c4fa952b394a707d8a84a01c6d90fa4f422ea617ead7ea3dfbe4b2ad2a3b53e0752044c0dadfc252bc4f4ff84980b
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1276 wrote to memory of 3124 | 1276 | rundll32.exe | rundll32.exe
PID 1276 wrote to memory of 3124 | 1276 | rundll32.exe | rundll32.exe
PID 1276 wrote to memory of 3124 | 1276 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba7e4f4e60e5307e25ee0e052018e25de9a9dc310a1d58cade18f50c8a407591.dll,#12