Analysis
- max time kernel: 31s
- max time network: 51s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 18-04-2022 15:31
Static task: static1
Behavioral task: behavioral1
Sample: 3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249.dll
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
General
- Target: 3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249.dll
- Size: 1.6MB
- MD5: 230191db3261029a7a170936d783ed59
- SHA1: 54bf5e9e7d0e84e9eaa9539f109b165df55e72c9
- SHA256: 3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249
- SHA512: 6fac72dd92550dfc29a7c86cc7fb45d49649874908021eab652f308431323191a21c618008cb9c57a47be3cf5e2105f003b7ac142f3029febe100ed83a149d16
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 1988 wrote to memory of 1876 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 1876 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 1876 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 1876 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 1876 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 1876 | 1988 | rundll32.exe | rundll32.exe
PID 1988 wrote to memory of 1876 | 1988 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249.dll,#11
- Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3339b6583d38272cebd9ebfb71b3b0d582111dd144bad01574f6301e66df3249.dll,#12