Analysis
- max time kernel: 129s
- max time network: 133s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 08-04-2022 14:48
Static task: static1
Behavioral task: behavioral1
- Sample: a347edbe3b48344772aeb91faf49c525.dll
- Resource: win7-20220311-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: a347edbe3b48344772aeb91faf49c525.dll
- Resource: win10v2004-en-20220113
- 0 signatures
- 0 seconds
General
- Target: a347edbe3b48344772aeb91faf49c525.dll
- Size: 1.7MB
- MD5: a347edbe3b48344772aeb91faf49c525
- SHA1: 6630b4561647b88dc8664ef2f683a6c59adcbea0
- SHA256: 38be1a5eb7776ab8783f867c85fdf1239b897122208f91c1a818f6776fb946a4
- SHA512: 36061a016fe275a969aa86884746dfa80ec4a654516ffbbfba451307cee1178358d91912069f4150feda5210f33a4b46cfafee8a2a6154aa8d550268f73dd772
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1592 wrote to memory of 1660 | 1592 | rundll32.exe | rundll32.exe
PID 1592 wrote to memory of 1660 | 1592 | rundll32.exe | rundll32.exe
PID 1592 wrote to memory of 1660 | 1592 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a347edbe3b48344772aeb91faf49c525.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a347edbe3b48344772aeb91faf49c525.dll,#12⤵