Analysis
max time kernel: 37s
max time network: 42s
platform: windows7_x64
resource: win7-20220414-en
submitted: 03-05-2022 13:45
Static task
static1
Behavioral task
behavioral1
Sample
252fd59bb897e0fa9430a7f28e2ef18ed876a619d7e30fad4551219044c99e9d.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
252fd59bb897e0fa9430a7f28e2ef18ed876a619d7e30fad4551219044c99e9d.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 252fd59bb897e0fa9430a7f28e2ef18ed876a619d7e30fad4551219044c99e9d.dll
Size: 172KB
MD5: fd0d9ef004b98f81cc52ac8105a15560
SHA1: 4273f52026ff482dad810f957a9da260748478b0
SHA256: 252fd59bb897e0fa9430a7f28e2ef18ed876a619d7e30fad4551219044c99e9d
SHA512: ac826add17a72a87a25bc059adc5eda66afee08ccf821a432d14bdd7ddb496c24c94d2a9fba6edc25b0a4f6d5d38d2f37917fc1f6ded296d49317caa016afc9f
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 1240 wrote to memory of 1996 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1996 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1996 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1996 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1996 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1996 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1996 | 1240 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\252fd59bb897e0fa9430a7f28e2ef18ed876a619d7e30fad4551219044c99e9d.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:1240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\252fd59bb897e0fa9430a7f28e2ef18ed876a619d7e30fad4551219044c99e9d.dll,#12
  PID:1996