Analysis
-
max time kernel
39s -
max time network
43s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
18-04-2022 15:30
Static task
static1
Behavioral task
behavioral1
Sample
69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll
-
Size
667KB
-
MD5
14329d9e980e7a427e941f7d5d71365c
-
SHA1
07ede188c7e143443eb8fcd9dfa347481b34fcc2
-
SHA256
69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c
-
SHA512
6fa538242f02dbf469a9c9ea4ddbdaa628001796b367106d711cb5a38c507badf04194d85f5c3e277ff0742c2bf1873b8e3c68afd9ade8b998ec7c7c442c8e33
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 304 wrote to memory of 1912 304 rundll32.exe 26 PID 304 wrote to memory of 1912 304 rundll32.exe 26 PID 304 wrote to memory of 1912 304 rundll32.exe 26 PID 304 wrote to memory of 1912 304 rundll32.exe 26 PID 304 wrote to memory of 1912 304 rundll32.exe 26 PID 304 wrote to memory of 1912 304 rundll32.exe 26 PID 304 wrote to memory of 1912 304 rundll32.exe 26
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:304 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\69c4f37bac324873c0caea8194b91f9ee804cef77ee21bdb2f8f35e5c884878c.dll,#12⤵PID:1912
-