Analysis
max time kernel: 44s
max time network: 49s
platform: windows7_x64
resource: win7-20220414-en
submitted: 03-05-2022 13:44
Static task: static1
Behavioral task: behavioral1
Sample: 9792adc49c428ca9a49172e35b84cb8250c58db2a5b36d2509c418adc8a843d7.dll
Resource: win7-20220414-en
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 9792adc49c428ca9a49172e35b84cb8250c58db2a5b36d2509c418adc8a843d7.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 9792adc49c428ca9a49172e35b84cb8250c58db2a5b36d2509c418adc8a843d7.dll
Size: 173KB
MD5: c6cdc4c215755fdf63ad59b7b110827b
SHA1: f7be2a6ff1919919e94a4d1b24e92d038369aed0
SHA256: 9792adc49c428ca9a49172e35b84cb8250c58db2a5b36d2509c418adc8a843d7
SHA512: ef31da9ff19a5ee1a9ace2d56eb5403ec5ecd8be4af6b6c962548c9ec7c79ad7b37e9298caea1b2467298aeee4a5d0dd10348bc9a096b55b0bf9b256675f7054
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1100 wrote to memory of 1640 | 1100 | rundll32.exe | rundll32.exe
PID 1100 wrote to memory of 1640 | 1100 | rundll32.exe | rundll32.exe
PID 1100 wrote to memory of 1640 | 1100 | rundll32.exe | rundll32.exe
PID 1100 wrote to memory of 1640 | 1100 | rundll32.exe | rundll32.exe
PID 1100 wrote to memory of 1640 | 1100 | rundll32.exe | rundll32.exe
PID 1100 wrote to memory of 1640 | 1100 | rundll32.exe | rundll32.exe
PID 1100 wrote to memory of 1640 | 1100 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9792adc49c428ca9a49172e35b84cb8250c58db2a5b36d2509c418adc8a843d7.dll,#1
- Suspicious use of WriteProcessMemory
PID:1100
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9792adc49c428ca9a49172e35b84cb8250c58db2a5b36d2509c418adc8a843d7.dll,#1
  PID:1640