Analysis
max time kernel: 45s
max time network: 48s
platform: windows7_x64
resource: win7-20220414-en
submitted: 03-05-2022 13:47
Static task: static1

Behavioral task: behavioral1
Sample: 6648caf71c178f49cc619f2f68af67e18706d00f5bd0b890705d8ab8e086abfc.dll
Resource: win7-20220414-en
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 6648caf71c178f49cc619f2f68af67e18706d00f5bd0b890705d8ab8e086abfc.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 6648caf71c178f49cc619f2f68af67e18706d00f5bd0b890705d8ab8e086abfc.dll
Size: 172KB
MD5: b1648c11f821a969c51974d89f748981
SHA1: 4e63147535c1f56e40a64e4f1fb0809d4ea9d0af
SHA256: 6648caf71c178f49cc619f2f68af67e18706d00f5bd0b890705d8ab8e086abfc
SHA512: 01cd2534c935e997d5957e7d4cca56c3502d49d332f016c9c8907c6c9fec1577a25dd1105a9356d16be048203d9e1258afde1fd3e7d74ec95d7b3d025e2f10e6
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1808 wrote to memory of 1492 | 1808 | rundll32.exe | rundll32.exe
PID 1808 wrote to memory of 1492 | 1808 | rundll32.exe | rundll32.exe
PID 1808 wrote to memory of 1492 | 1808 | rundll32.exe | rundll32.exe
PID 1808 wrote to memory of 1492 | 1808 | rundll32.exe | rundll32.exe
PID 1808 wrote to memory of 1492 | 1808 | rundll32.exe | rundll32.exe
PID 1808 wrote to memory of 1492 | 1808 | rundll32.exe | rundll32.exe
PID 1808 wrote to memory of 1492 | 1808 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6648caf71c178f49cc619f2f68af67e18706d00f5bd0b890705d8ab8e086abfc.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1808
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6648caf71c178f49cc619f2f68af67e18706d00f5bd0b890705d8ab8e086abfc.dll,#1
    PID: 1492