Analysis
max time kernel: 39s
max time network: 45s
platform: windows7_x64
resource: win7-20220414-en
submitted: 03-05-2022 13:44
Static task: static1
Behavioral task: behavioral1
Sample: 060433d3d02d3c50e9ebbd9b4149ca7f5b82428b09506fee6eaa97f38fa11380.dll
Resource: win7-20220414-en
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 060433d3d02d3c50e9ebbd9b4149ca7f5b82428b09506fee6eaa97f38fa11380.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 060433d3d02d3c50e9ebbd9b4149ca7f5b82428b09506fee6eaa97f38fa11380.dll
Size: 173KB
MD5: 3d5a2c222bb9bde14c5388eef40cd802
SHA1: e78af42603057709711558876474d89f54760f4b
SHA256: 060433d3d02d3c50e9ebbd9b4149ca7f5b82428b09506fee6eaa97f38fa11380
SHA512: 77f6a3260b1595dc7809321d0f5e81cf61d5c89c100467bfbc840ba15515a11b1abb10bb1223d1a0bd5ba7c3d60c028096e741e5bc10647abfa556501718d02e
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1092 wrote to memory of 608 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 608 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 608 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 608 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 608 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 608 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 608 | 1092 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\060433d3d02d3c50e9ebbd9b4149ca7f5b82428b09506fee6eaa97f38fa11380.dll,#1
PID: 1092
Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\060433d3d02d3c50e9ebbd9b4149ca7f5b82428b09506fee6eaa97f38fa11380.dll,#1
    PID: 608