Analysis
max time kernel: 26s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 03-05-2022 13:45
Static task: static1
Behavioral task: behavioral1
Sample: 5f39e07aa909ba23f38e94b42aa27e4918f233332e6389dba21892793f4d55ec.dll
Resource: win7-20220414-en
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 5f39e07aa909ba23f38e94b42aa27e4918f233332e6389dba21892793f4d55ec.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 5f39e07aa909ba23f38e94b42aa27e4918f233332e6389dba21892793f4d55ec.dll
Size: 172KB
MD5: 2a70217fb2c2062972a83edad25f466e
SHA1: 6a6159c3037761f05822696b625d9e437ec00602
SHA256: 5f39e07aa909ba23f38e94b42aa27e4918f233332e6389dba21892793f4d55ec
SHA512: b362e6b10a2bf4ed649acac2e73d7b836a631e7284f5ce52a3429c19ef76446482d159f93a66219c0fcac9d4607b508c43b21c51127c090c22df178f58c99e94
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1084 wrote to memory of 1384 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1384 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1384 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1384 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1384 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1384 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1384 | 1084 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f39e07aa909ba23f38e94b42aa27e4918f233332e6389dba21892793f4d55ec.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:1084
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f39e07aa909ba23f38e94b42aa27e4918f233332e6389dba21892793f4d55ec.dll,#12⤵
PID:1384