Analysis
max time kernel
4294179s
max time network
121s
platform
windows7_x64
resource
win7-20220311-en
submitted
31-03-2022 14:48
Behavioral task
behavioral1
Sample
1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
Target
1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll
Size
6.4MB
MD5
c842f250d6855a0182937ccc80a01f52
SHA1
9dd46c4f12344d620d4564675846e44cdaaea668
SHA256
8680837cefa0baf00e77919cc01f39d421649012c5f5370fdf04be4ebc006274
SHA512
5e8b7ce9c57e1960f56f5ac65dd8249596400c694999aede9df08d368010b83412dccc0c035a02cb62526e461fcf6969d4f5eeb57e3cb44b99acdf41cc5060cf
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                        pid   process       target process
PID 1104 wrote to memory of 1092   1104  rundll32.exe  rundll32.exe
PID 1104 wrote to memory of 1092   1104  rundll32.exe  rundll32.exe
PID 1104 wrote to memory of 1092   1104  rundll32.exe  rundll32.exe
PID 1104 wrote to memory of 1092   1104  rundll32.exe  rundll32.exe
PID 1104 wrote to memory of 1092   1104  rundll32.exe  rundll32.exe
PID 1104 wrote to memory of 1092   1104  rundll32.exe  rundll32.exe
PID 1104 wrote to memory of 1092   1104  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1920-57-0x00000000026B0000-0x0000000002D0E000-memory.dll,#12⤵