Analysis
- max time kernel: 40s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 03-05-2022 13:44
Static task: static1

Behavioral task: behavioral1
- Sample: 7bf3b949f6c3d2dc15ad94b1c17f043a7526066f8e6a8db8e37b10c135e9fc54.dll
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 7bf3b949f6c3d2dc15ad94b1c17f043a7526066f8e6a8db8e37b10c135e9fc54.dll
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: 7bf3b949f6c3d2dc15ad94b1c17f043a7526066f8e6a8db8e37b10c135e9fc54.dll
- Size: 172KB
- MD5: 61970cd16daaa5e67a9207f3f4283254
- SHA1: fb6c0635604a57a7cd259be0dc4337edf131b7a1
- SHA256: 7bf3b949f6c3d2dc15ad94b1c17f043a7526066f8e6a8db8e37b10c135e9fc54
- SHA512: 0c1c00cbae43daaa62f8c6a647485e72f205a387ab47f754e05caa1b19e77e808b6c9300e8181dbf661ae4cdbafbb5b8b4d50a01f48a11a86095fd96a38312e9

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1672 wrote to memory of 1892 | 1672 | rundll32.exe | rundll32.exe
  PID 1672 wrote to memory of 1892 | 1672 | rundll32.exe | rundll32.exe
  PID 1672 wrote to memory of 1892 | 1672 | rundll32.exe | rundll32.exe
  PID 1672 wrote to memory of 1892 | 1672 | rundll32.exe | rundll32.exe
  PID 1672 wrote to memory of 1892 | 1672 | rundll32.exe | rundll32.exe
  PID 1672 wrote to memory of 1892 | 1672 | rundll32.exe | rundll32.exe
  PID 1672 wrote to memory of 1892 | 1672 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bf3b949f6c3d2dc15ad94b1c17f043a7526066f8e6a8db8e37b10c135e9fc54.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1672
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bf3b949f6c3d2dc15ad94b1c17f043a7526066f8e6a8db8e37b10c135e9fc54.dll,#1
    PID:1892