Analysis
- max time kernel: 20s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 24-05-2022 14:54
Static task: static1
Behavioral task: behavioral1
- Sample: 073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9.dll
- Size: 164KB
- MD5: ddcb9c149bba28cf81de36b22a4c1dc7
- SHA1: 05844751639e2082df0f28beb271e5daf6e0f670
- SHA256: 073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9
- SHA512: 28f5657b055c9424098e8d3941b2fc84b56210c4151ac0980f4453b2f986df955f020ddf11def3135244ce527eea0ddd04dabe388806b23417c4996f22d2fb26
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid   process       target process
PID 1908 wrote to memory of 1104   1908  rundll32.exe  rundll32.exe
PID 1908 wrote to memory of 1104   1908  rundll32.exe  rundll32.exe
PID 1908 wrote to memory of 1104   1908  rundll32.exe  rundll32.exe
PID 1908 wrote to memory of 1104   1908  rundll32.exe  rundll32.exe
PID 1908 wrote to memory of 1104   1908  rundll32.exe  rundll32.exe
PID 1908 wrote to memory of 1104   1908  rundll32.exe  rundll32.exe
PID 1908 wrote to memory of 1104   1908  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\073a501d92273a4195f5b81e327f782c3ec9815849370d892189791f8ce580f9.dll,#12