Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220331-en
submitted: 06-04-2022 00:19
Static task
static1

Behavioral task
behavioral1
Sample: avast_update.dll
Resource: win7-20220331-en (windows7_x64)
0 signatures
0 seconds

Behavioral task
behavioral2
Sample: avast_update.dll
Resource: win10v2004-20220331-en (windows10-2004_x64)
0 signatures
0 seconds
General
Target: avast_update.dll
Size: 1.6MB
MD5: b284363026bd2eef844085d6826d63ed
SHA1: 94143d6470da270fc2a623c264ea1b939fa0ad58
SHA256: 71e54b829631b93adc102824a4d3f99c804581ead8058b684df25f1c9039b738
SHA512: efcc636c53d7989ecf93e21dc5e8fbfa3017c45ac675c00b2cee68178f255b2a877f15ac8358019301dfbb2c742f515b978df84785d76b2cbdabc38b5cf46e70
Score: 8/10
Malware Config
Signatures

Blocklisted process makes network request (2 IoCs)
  flow  pid  Process
  1     876  rundll32.exe
  2     876  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                      pid   Process       procid_target
  PID 1940 wrote to memory of 876  1940  rundll32.exe  28
  PID 1940 wrote to memory of 876  1940  rundll32.exe  28
  PID 1940 wrote to memory of 876  1940  rundll32.exe  28
  PID 1940 wrote to memory of 876  1940  rundll32.exe  28
  PID 1940 wrote to memory of 876  1940  rundll32.exe  28
  PID 1940 wrote to memory of 876  1940  rundll32.exe  28
  PID 1940 wrote to memory of 876  1940  rundll32.exe  28
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\avast_update.dll,#1
  PID: 1940
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\avast_update.dll,#1
    PID: 876
    - Blocklisted process makes network request