Analysis
max time kernel: 42s
max time network: 47s
platform: windows7_x64
resource: win7-20220414-en
submitted: 15-04-2022 03:58
Static task
static1
Behavioral task
behavioral1
Sample
cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll
Size: 22KB
MD5: c3a248919daa785e7ead0f9c36a58e3a
SHA1: 8d2ee477031c13dd6855153b68853a8a5aa99dce
SHA256: cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe
SHA512: d68daa0efacbd122ad1b759821af6cdd80082b6b18ffcf4281d3de3545bf36b868ef6a4ea47d6629334519d7bf6b5ac6e2a07f442f3d8696982b0b21c6c06307
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1460 wrote to memory of 384 | 1460 | rundll32.exe | rundll32.exe
PID 1460 wrote to memory of 384 | 1460 | rundll32.exe | rundll32.exe
PID 1460 wrote to memory of 384 | 1460 | rundll32.exe | rundll32.exe
PID 1460 wrote to memory of 384 | 1460 | rundll32.exe | rundll32.exe
PID 1460 wrote to memory of 384 | 1460 | rundll32.exe | rundll32.exe
PID 1460 wrote to memory of 384 | 1460 | rundll32.exe | rundll32.exe
PID 1460 wrote to memory of 384 | 1460 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb532605ba8d1c3dbc7b7cade848b4f975c73de8efb5d1544269776e4ae524fe.dll,#12⤵