Analysis
max time kernel: 38s
max time network: 43s
platform: windows7_x64
resource: win7-20220414-en
submitted: 27-04-2022 19:01
Static task: static1
Behavioral task: behavioral1
Sample: d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2.dll
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
General
Target: d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2.dll
Size: 96KB
MD5: 732c6b97db146f3d93ffdfbab95068fc
SHA1: 95ab33c31655d06f9cf993fad037fe3bc9cc4bb0
SHA256: d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2
SHA512: e8d2b7d29e6c08c53046d9adabaf3478693287c61d89263f88c581b8d4c8c3765dd27fc5db682f79d97d532b843faf224c5d1e9890fb0087c11e366366f9ab93
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory: 7 IoCs
Processes: rundll32.exe
description                        pid    process         target process
PID 1444 wrote to memory of 1600   1444   rundll32.exe    rundll32.exe
PID 1444 wrote to memory of 1600   1444   rundll32.exe    rundll32.exe
PID 1444 wrote to memory of 1600   1444   rundll32.exe    rundll32.exe
PID 1444 wrote to memory of 1600   1444   rundll32.exe    rundll32.exe
PID 1444 wrote to memory of 1600   1444   rundll32.exe    rundll32.exe
PID 1444 wrote to memory of 1600   1444   rundll32.exe    rundll32.exe
PID 1444 wrote to memory of 1600   1444   rundll32.exe    rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d543e15482a2ba4f71e763f1bc92db45bfe31b4f142bc7f231d8999ef43c55d2.dll,#1