Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220414-en
submitted: 21-05-2022 19:23
Static task
static1
Behavioral task
behavioral1
Sample
a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll
Size: 26KB
MD5: bb40bbbd3b69e0eb802c42d2506b6754
SHA1: bf80e329cba134ccd96f9572d2c0bf250515c26e
SHA256: a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5
SHA512: 712d114aa05d73246fb607039e8875db4f481050c00f1909dd9625b2ef35303976e7c96bc7b6ab861781458f33985bc679d88009a567103e6aadf334ea20b270
Score
7/10
Malware Config
Signatures
Deletes itself 1 IoCs
Processes:
rundll32.exe
pid    process
900    rundll32.exe
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description    pid    process    target process
PID 1228 wrote to memory of 900    1228    rundll32.exe    rundll32.exe
PID 1228 wrote to memory of 900    1228    rundll32.exe    rundll32.exe
PID 1228 wrote to memory of 900    1228    rundll32.exe    rundll32.exe
PID 1228 wrote to memory of 900    1228    rundll32.exe    rundll32.exe
PID 1228 wrote to memory of 900    1228    rundll32.exe    rundll32.exe
PID 1228 wrote to memory of 900    1228    rundll32.exe    rundll32.exe
PID 1228 wrote to memory of 900    1228    rundll32.exe    rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9fa8e8609872cdcea241e3aab726b02b124c82de4c77ad3c3722d7c6b93b9b5.dll,#12⤵
- Deletes itself