Analysis
- max time kernel: 125s
- max time network: 173s
- platform: windows10-2004_x64
- resource: win10v2004-20220310-en
- submitted: 20-03-2022 07:10
Static task: static1
Behavioral task: behavioral1
- Sample: 29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec.dll
- Resource: win7-20220311-en (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec.dll
- Resource: win10v2004-20220310-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec.dll
- Size: 206KB
- MD5: e8ae682eebf5c33bf0d325923a0bbe6d
- SHA1: ec1e96bd76db278f75f3054fc1776cea89d1e0ce
- SHA256: 29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec
- SHA512: b371db0ccf2f32e91549ef2798b2c8699c2300bac06bb4fe08bab5e637a2f7f06f73fe1fc63f05677d7b3bda4940f53b33140e6b6f455073407acc6566dd9904
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 5024 wrote to memory of 828 | 5024 | rundll32.exe | rundll32.exe
  PID 5024 wrote to memory of 828 | 5024 | rundll32.exe | rundll32.exe
  PID 5024 wrote to memory of 828 | 5024 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29eeb96134e88d61433cff8342549aae73fb68bb7cc037febb9b87846a2531ec.dll,#12⤵