Analysis
max time kernel: 42s
max time network: 47s
platform: windows7_x64
resource: win7-20220414-en
submitted: 23-05-2022 23:48
Static task
static1
Behavioral task
behavioral1
Sample
d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e.dll
Size: 164KB
MD5: 4ddc4c10f348e34445cae6ebac80bf87
SHA1: 54fa2d553b774fa273e254ea8a9484f17a4b8747
SHA256: d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e
SHA512: d91730d1e1bcaa5e58b1a9cebee04d2634d80094ae953e3c329acb5476960bdb79dc0a3bc5b8da2836c3646a90ba91d5126b47b5e83f88dab7b05c7650700c58
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1224 wrote to memory of 1348 | 1224 | rundll32.exe | rundll32.exe
PID 1224 wrote to memory of 1348 | 1224 | rundll32.exe | rundll32.exe
PID 1224 wrote to memory of 1348 | 1224 | rundll32.exe | rundll32.exe
PID 1224 wrote to memory of 1348 | 1224 | rundll32.exe | rundll32.exe
PID 1224 wrote to memory of 1348 | 1224 | rundll32.exe | rundll32.exe
PID 1224 wrote to memory of 1348 | 1224 | rundll32.exe | rundll32.exe
PID 1224 wrote to memory of 1348 | 1224 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8cca1666aa4989857dd44bfa0ec14571527be9a3a72dae519ff67a2b8f4de2e.dll,#12