Analysis
-
max time kernel
43s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20-04-2022 16:50
Static task
static1
Behavioral task
behavioral1
Sample
6ca903e9ee2d13ba81ce292115b320f3e9eeb459e1f8f137fcc741ad311c029d.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
6ca903e9ee2d13ba81ce292115b320f3e9eeb459e1f8f137fcc741ad311c029d.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
6ca903e9ee2d13ba81ce292115b320f3e9eeb459e1f8f137fcc741ad311c029d.dll
-
Size
12KB
-
MD5
d31af9775118f2b037bc763b611f42d7
-
SHA1
56e58228ca20f7de57269555d5bb827050cc147d
-
SHA256
6ca903e9ee2d13ba81ce292115b320f3e9eeb459e1f8f137fcc741ad311c029d
-
SHA512
1923902299242f0424ca0692d82f7a3844cefeb54c1bfab7c4e79002e6156f7b7f6e0595e89ab8d85a71aa40e1f5bfdf1bac6f19799e12d3a3f50a9699e79587
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1412 wrote to memory of 284 | 1412 | rundll32.exe | rundll32.exe
PID 1412 wrote to memory of 284 | 1412 | rundll32.exe | rundll32.exe
PID 1412 wrote to memory of 284 | 1412 | rundll32.exe | rundll32.exe
PID 1412 wrote to memory of 284 | 1412 | rundll32.exe | rundll32.exe
PID 1412 wrote to memory of 284 | 1412 | rundll32.exe | rundll32.exe
PID 1412 wrote to memory of 284 | 1412 | rundll32.exe | rundll32.exe
PID 1412 wrote to memory of 284 | 1412 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ca903e9ee2d13ba81ce292115b320f3e9eeb459e1f8f137fcc741ad311c029d.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ca903e9ee2d13ba81ce292115b320f3e9eeb459e1f8f137fcc741ad311c029d.dll,#12