Analysis
max time kernel: 14s
max time network: 175s
platform: windows7_x64
resource: win7-20220414-en
submitted: 19-04-2022 04:06
Static task: static1
Behavioral task: behavioral1
Sample: 456750efc3ddf0cd4593164d18b55287eec0ede2799e753e5883db21dbbef8c3.dll
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
General
Target: 456750efc3ddf0cd4593164d18b55287eec0ede2799e753e5883db21dbbef8c3.dll
Size: 275KB
MD5: 4ec9ed400a8d45b102bcf85de77218c3
SHA1: 2d482fb741a7e30f70e6c6a48bfa2d3aff94a82d
SHA256: 456750efc3ddf0cd4593164d18b55287eec0ede2799e753e5883db21dbbef8c3
SHA512: cd284443049bb5645049989d89803414ab8180759f97388033a8ccfdf165deda5f7efac6102cca9a6a4c147b36b694ba75d5cc46226b7bf234fa808191177a0a
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1160 wrote to memory of 1716 | 1160 | rundll32.exe | rundll32.exe
PID 1160 wrote to memory of 1716 | 1160 | rundll32.exe | rundll32.exe
PID 1160 wrote to memory of 1716 | 1160 | rundll32.exe | rundll32.exe
PID 1160 wrote to memory of 1716 | 1160 | rundll32.exe | rundll32.exe
PID 1160 wrote to memory of 1716 | 1160 | rundll32.exe | rundll32.exe
PID 1160 wrote to memory of 1716 | 1160 | rundll32.exe | rundll32.exe
PID 1160 wrote to memory of 1716 | 1160 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\456750efc3ddf0cd4593164d18b55287eec0ede2799e753e5883db21dbbef8c3.dll,#1
- Suspicious use of WriteProcessMemory
PID:1160
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\456750efc3ddf0cd4593164d18b55287eec0ede2799e753e5883db21dbbef8c3.dll,#1
    PID:1716