Analysis
-
max time kernel
42s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
21-05-2022 19:24
Static task
static1
Behavioral task
behavioral1
Sample
14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll
-
Size
24KB
-
MD5
c5cf6e70d5a5c489aa1c0326799dbe90
-
SHA1
a94ed3d673261d62f2959979272d8c8d17e6e7f3
-
SHA256
14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e
-
SHA512
7d9422e35d71a691c9cc62d4cbecb5f6b02d7754c348f0bd7a1085200d70624cf4b27e17804f7a069b5ae0b3a0e657693b7206a4a2ca8b5ed79bd71d9dc098f1
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1068 wrote to memory of 1792 | 1068 | rundll32.exe | rundll32.exe
PID 1068 wrote to memory of 1792 | 1068 | rundll32.exe | rundll32.exe
PID 1068 wrote to memory of 1792 | 1068 | rundll32.exe | rundll32.exe
PID 1068 wrote to memory of 1792 | 1068 | rundll32.exe | rundll32.exe
PID 1068 wrote to memory of 1792 | 1068 | rundll32.exe | rundll32.exe
PID 1068 wrote to memory of 1792 | 1068 | rundll32.exe | rundll32.exe
PID 1068 wrote to memory of 1792 | 1068 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14930488158df5fca4cba80b1089f41dc296e19bebf41e2ff6e5b32770ac0f1e.dll,#12