Analysis
-
max time kernel
47s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
03-05-2022 13:44
Static task
static1
Behavioral task
behavioral1
Sample
22c397982a9a82bd023c25b5cab600ceba38835eda9ff98b14dc053e4bc72675.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
22c397982a9a82bd023c25b5cab600ceba38835eda9ff98b14dc053e4bc72675.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
-
Target
22c397982a9a82bd023c25b5cab600ceba38835eda9ff98b14dc053e4bc72675.dll
-
Size
173KB
-
MD5
de58a6799238f05179b8f9cef6b5b6e6
-
SHA1
beb30c671c09cb60dcb6595dbe1709c95c4ff99a
-
SHA256
22c397982a9a82bd023c25b5cab600ceba38835eda9ff98b14dc053e4bc72675
-
SHA512
3cd514e33d8d3eb04d9df34d1bed26135252957f863bef5e719237fae721763a49c44043881528f2961369becf014121cc74d33fe4705bbaa3e577f91284dd3a
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description    pid    process    target process
PID 1648 wrote to memory of 1684    1648    rundll32.exe    rundll32.exe
PID 1648 wrote to memory of 1684    1648    rundll32.exe    rundll32.exe
PID 1648 wrote to memory of 1684    1648    rundll32.exe    rundll32.exe
PID 1648 wrote to memory of 1684    1648    rundll32.exe    rundll32.exe
PID 1648 wrote to memory of 1684    1648    rundll32.exe    rundll32.exe
PID 1648 wrote to memory of 1684    1648    rundll32.exe    rundll32.exe
PID 1648 wrote to memory of 1684    1648    rundll32.exe    rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22c397982a9a82bd023c25b5cab600ceba38835eda9ff98b14dc053e4bc72675.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1648 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22c397982a9a82bd023c25b5cab600ceba38835eda9ff98b14dc053e4bc72675.dll,#12⤵
PID:1684