Analysis
- max time kernel: 43s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 30-05-2022 19:37
Static task: static1

Behavioral task: behavioral1
- Sample: 091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60.dll
- Size: 164KB
- MD5: fbf9bab6d2a338e3c740daa260cfd93d
- SHA1: e1b4e31ac217f16ab65e4820dfd96646b2b645c9
- SHA256: 091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60
- SHA512: d53937d4f28db4b73e0a5a527d06ee9850b925f4d506c58affeee8c27f656cf4ad5a80e7599419ea8d625c5edc2a48d648ef46f292802dcec41073a9313e8484

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
|---|---|---|---|
| PID 1624 wrote to memory of 1932 | 1624 | rundll32.exe | rundll32.exe |
| PID 1624 wrote to memory of 1932 | 1624 | rundll32.exe | rundll32.exe |
| PID 1624 wrote to memory of 1932 | 1624 | rundll32.exe | rundll32.exe |
| PID 1624 wrote to memory of 1932 | 1624 | rundll32.exe | rundll32.exe |
| PID 1624 wrote to memory of 1932 | 1624 | rundll32.exe | rundll32.exe |
| PID 1624 wrote to memory of 1932 | 1624 | rundll32.exe | rundll32.exe |
| PID 1624 wrote to memory of 1932 | 1624 | rundll32.exe | rundll32.exe |
Processes

1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60.dll,#1
   - Suspicious use of WriteProcessMemory

2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\091e19d9a1bad504e4822b738eba268d791d301483228b24803422918dcc9a60.dll,#1