Analysis
max time kernel: 38s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 03-05-2022 13:44
Static task: static1
Behavioral task: behavioral1
Sample: 8c37f4b7cc589923e84c3b28403135b3e52c42d5fd0961e7a57ca8b53ea9cb45.dll
Resource: win7-20220414-en
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 8c37f4b7cc589923e84c3b28403135b3e52c42d5fd0961e7a57ca8b53ea9cb45.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 8c37f4b7cc589923e84c3b28403135b3e52c42d5fd0961e7a57ca8b53ea9cb45.dll
Size: 173KB
MD5: 987b323180e264a9bc52e7d5039d793a
SHA1: c7dbedd33fdc29d91ec94d8b89b6be08397c61a3
SHA256: 8c37f4b7cc589923e84c3b28403135b3e52c42d5fd0961e7a57ca8b53ea9cb45
SHA512: 6e858dc486a9de57d77ef645e3af99f08013d50af2e14c5030d9bc43213b1f297514b9437ded41943e3bef43ee68d43527b30b4c3a373f45bddf6d5f8d70dc6d
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1096 wrote to memory of 1900 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 1900 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 1900 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 1900 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 1900 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 1900 | 1096 | rundll32.exe | rundll32.exe
PID 1096 wrote to memory of 1900 | 1096 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c37f4b7cc589923e84c3b28403135b3e52c42d5fd0961e7a57ca8b53ea9cb45.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1096
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c37f4b7cc589923e84c3b28403135b3e52c42d5fd0961e7a57ca8b53ea9cb45.dll,#1
    PID: 1900