Analysis
- max time kernel: 118s
- max time network: 120s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 13-02-2022 22:36
Static task: static1
Behavioral task: behavioral1
- Sample: 046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393.dll
- Resource: win7-en-20211208
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393.dll
- Resource: win10v2004-en-20220113
- 0 signatures
- 0 seconds
General
- Target: 046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393.dll
- Size: 163KB
- MD5: a1cc9b5d85c55d1679cee3a11500fc15
- SHA1: dcb776035a4f6140d86a8acbac48683035cec701
- SHA256: 046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393
- SHA512: 12220589d5e0f14c07fed9fdb1e5dd24cd518decc7719faa2b95de664be324204ddf4a3dafaf9d49c4932192c27bff501d02a4a1c65c427eae9d414b203a668a
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1540 wrote to memory of 2032 | 1540 | rundll32.exe | rundll32.exe
PID 1540 wrote to memory of 2032 | 1540 | rundll32.exe | rundll32.exe
PID 1540 wrote to memory of 2032 | 1540 | rundll32.exe | rundll32.exe
PID 1540 wrote to memory of 2032 | 1540 | rundll32.exe | rundll32.exe
PID 1540 wrote to memory of 2032 | 1540 | rundll32.exe | rundll32.exe
PID 1540 wrote to memory of 2032 | 1540 | rundll32.exe | rundll32.exe
PID 1540 wrote to memory of 2032 | 1540 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393.dll,#11
  Suspicious use of WriteProcessMemory
  PID:1540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\046235b59fbc6d2c4ec3db0ae6ea10cb53d743c678ca9dca8b2a9d30c7fbb393.dll,#12
  PID:2032