Analysis
max time kernel: 34s
max time network: 41s
platform: windows7_x64
resource: win7-20220414-en
submitted: 18-04-2022 15:30
Static task: static1
Behavioral task: behavioral1
Sample: a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957.dll
Resource: win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
Target: a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957.dll
Size: 667KB
MD5: be4aefb22447f242df181e65db380687
SHA1: 39699d67309a9b8817707a69a915ca0a0a57c607
SHA256: a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957
SHA512: fe1c3667ad73732c27bc48a3a7a64a7ec25e8c0bdc057131e73cacfb01dff5828b507d91b1257f2aa09b6b2cb911ff53b6d5d29e50b32c6ef8c7bfac4eb96029
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1276 wrote to memory of 1972 | 1276 | rundll32.exe | rundll32.exe
PID 1276 wrote to memory of 1972 | 1276 | rundll32.exe | rundll32.exe
PID 1276 wrote to memory of 1972 | 1276 | rundll32.exe | rundll32.exe
PID 1276 wrote to memory of 1972 | 1276 | rundll32.exe | rundll32.exe
PID 1276 wrote to memory of 1972 | 1276 | rundll32.exe | rundll32.exe
PID 1276 wrote to memory of 1972 | 1276 | rundll32.exe | rundll32.exe
PID 1276 wrote to memory of 1972 | 1276 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957.dll,#11
- Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a136ba9a5582e0f317934712213eb7bd3758fad92750e02218e29671bda99957.dll,#12