Analysis
- max time kernel: 44s
- max time network: 50s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 31-05-2022 06:03
Static task
static1
Behavioral task
behavioral1
Sample
06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
- Target: 06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762.dll
- Size: 164KB
- MD5: ecf7748fac09f62da5e16cbc0956f973
- SHA1: 8ddff0ed4213273006943ab911a0358c6ca87d7f
- SHA256: 06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762
- SHA512: 5b4396d10d4c25865f7b54b594ae5879ad86d36d80a15084ab9691c7f82314bf5c0200a1e2d8355aaf69a5a952d735f939508aaae3aa2ad66d623028673921b6
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 800 wrote to memory of 852 | 800 | rundll32.exe | rundll32.exe
PID 800 wrote to memory of 852 | 800 | rundll32.exe | rundll32.exe
PID 800 wrote to memory of 852 | 800 | rundll32.exe | rundll32.exe
PID 800 wrote to memory of 852 | 800 | rundll32.exe | rundll32.exe
PID 800 wrote to memory of 852 | 800 | rundll32.exe | rundll32.exe
PID 800 wrote to memory of 852 | 800 | rundll32.exe | rundll32.exe
PID 800 wrote to memory of 852 | 800 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06704bd07416c61583ad5929b39329a6d90c7299e64bb107c37973ed393df762.dll,#12