Analysis
max time kernel: 36s
max time network: 44s
platform: windows7_x64
resource: win7-20220414-en
submitted: 03-05-2022 13:45
Static task: static1

Behavioral task: behavioral1
Sample: 3e5cf8e700b5131d3a328041bcfb8e8108d75449ed1652e6d3518399274e8ad2.dll
Resource: win7-20220414-en
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 3e5cf8e700b5131d3a328041bcfb8e8108d75449ed1652e6d3518399274e8ad2.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 3e5cf8e700b5131d3a328041bcfb8e8108d75449ed1652e6d3518399274e8ad2.dll
Size: 172KB
MD5: 172286bcb0baba1f89a227520673c9e6
SHA1: e067ab63dbc8d3d470e94cd3673ed513c33dfb56
SHA256: 3e5cf8e700b5131d3a328041bcfb8e8108d75449ed1652e6d3518399274e8ad2
SHA512: 2c45b9ce64a8e573e673d2b102b599f89983585e8ad7b69d9e6d139a23719111b54305b8b1e9c21872955d37220f6e174a51b6a63b1ce8897c6d72882e185092
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                      pid   process        target process
PID 980 wrote to memory of 936   980   rundll32.exe   rundll32.exe
PID 980 wrote to memory of 936   980   rundll32.exe   rundll32.exe
PID 980 wrote to memory of 936   980   rundll32.exe   rundll32.exe
PID 980 wrote to memory of 936   980   rundll32.exe   rundll32.exe
PID 980 wrote to memory of 936   980   rundll32.exe   rundll32.exe
PID 980 wrote to memory of 936   980   rundll32.exe   rundll32.exe
PID 980 wrote to memory of 936   980   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e5cf8e700b5131d3a328041bcfb8e8108d75449ed1652e6d3518399274e8ad2.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:980
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e5cf8e700b5131d3a328041bcfb8e8108d75449ed1652e6d3518399274e8ad2.dll,#1
    PID:936