Analysis
max time kernel: 44s
max time network: 47s
platform: windows7_x64
resource: win7-20220414-en
submitted: 08-06-2022 10:18
Static task: static1

Behavioral task: behavioral1
Sample: 1652-57-0x0000000001EC0000-0x0000000001EE2000-memory.dll
Resource: win7-20220414-en, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 1652-57-0x0000000001EC0000-0x0000000001EE2000-memory.dll
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures, 0 seconds
General
Target: 1652-57-0x0000000001EC0000-0x0000000001EE2000-memory.dll
Size: 136KB
MD5: 6242bfb3c89f13ef16cd850c1d600185
SHA1: 0fa5f9a1d1b5c3a63fc7394bedec112fc734c339
SHA256: 2717d782f601c5655b52d7999b99285194663b7e00774df1df212528dad0dac5
SHA512: 65ecde1e48299fc6c2479cdccb49c6f701138c3d88b8a1683abeffcebf2a7e38327b391c38405275787424caabf4e4ed5885b403d31e3ba4a18a2aa496f17d85
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1652-57-0x0000000001EC0000-0x0000000001EE2000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1652-57-0x0000000001EC0000-0x0000000001EE2000-memory.dll,#12⤵