Analysis
- max time kernel: 41s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 23-05-2022 23:48
Static task: static1

Behavioral task: behavioral1
- Sample: 0ca73ef4f3610b37b5418d8406d8f5187c187ae97f8967f1c6af3479b5eb0144.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: 0ca73ef4f3610b37b5418d8406d8f5187c187ae97f8967f1c6af3479b5eb0144.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures, 0 seconds
General
- Target: 0ca73ef4f3610b37b5418d8406d8f5187c187ae97f8967f1c6af3479b5eb0144.dll
- Size: 161KB
- MD5: 31ad353de714f97cf9b68e95a2b9bdc9
- SHA1: a5d3e3fe680820f5cf13997836e4cc35f6a57fa0
- SHA256: 0ca73ef4f3610b37b5418d8406d8f5187c187ae97f8967f1c6af3479b5eb0144
- SHA512: 4d1050d8267cbfcc37de08ed2a47e704b4022c683f2a87dd7a53974ed96912b023b70286f6702c674cb8cdab1770ec347bcd3a063300b45b6f8ebaa0c157bfbb

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1516 wrote to memory of 864 | 1516 | rundll32.exe | rundll32.exe
  PID 1516 wrote to memory of 864 | 1516 | rundll32.exe | rundll32.exe
  PID 1516 wrote to memory of 864 | 1516 | rundll32.exe | rundll32.exe
  PID 1516 wrote to memory of 864 | 1516 | rundll32.exe | rundll32.exe
  PID 1516 wrote to memory of 864 | 1516 | rundll32.exe | rundll32.exe
  PID 1516 wrote to memory of 864 | 1516 | rundll32.exe | rundll32.exe
  PID 1516 wrote to memory of 864 | 1516 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ca73ef4f3610b37b5418d8406d8f5187c187ae97f8967f1c6af3479b5eb0144.dll,#11
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ca73ef4f3610b37b5418d8406d8f5187c187ae97f8967f1c6af3479b5eb0144.dll,#11
  - Suspicious use of WriteProcessMemory