Analysis
max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-05-2022 19:23
Static task
static1
Behavioral task
behavioral1
Sample
2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target
2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60.dll
Size
6.4MB
MD5
49e7fb3c3eb9d8bc21c7c7e38cf787f1
SHA1
d5428a5316459f41fa5ae3cc254cf0cba32dd95c
SHA256
2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60
SHA512
5b4f3a0aceb02dd4557df21dab51b5a3003d0d9120ad875ad6fa2302524b1a416b982980eeb8728a207e74ea2b5b23cabe3fa65ff9716c19718fed84fb33e004
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1708 wrote to memory of 1884 | 1708 | rundll32.exe | rundll32.exe
(7 identical rows)
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d252c51a29f86032421df82524c6161c7a63876c4dc20faffa47929ec8a9d60.dll,#12