Analysis
max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
15-06-2022 00:57
Static task
static1
Behavioral task
behavioral1
Sample
2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target
2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3.dll
Size
164KB
MD5
ea08eab00bd36a9669d4594e3e1a219e
SHA1
b936291ce6ff28985aaec7d9369bb6af3e4caf7a
SHA256
2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3
SHA512
001f046068e93f65d5c975571e4e13662e79d2390c49d3eb0caa68848d609528f0c51b2bb948d6ed110f3e75235574a1e2e8603e6866ecd81b1d81cb051a2959
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid   process       target process
PID 1624 wrote to memory of 1932   1624  rundll32.exe  rundll32.exe
PID 1624 wrote to memory of 1932   1624  rundll32.exe  rundll32.exe
PID 1624 wrote to memory of 1932   1624  rundll32.exe  rundll32.exe
PID 1624 wrote to memory of 1932   1624  rundll32.exe  rundll32.exe
PID 1624 wrote to memory of 1932   1624  rundll32.exe  rundll32.exe
PID 1624 wrote to memory of 1932   1624  rundll32.exe  rundll32.exe
PID 1624 wrote to memory of 1932   1624  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bc93648ffc475cd4e5258f381132866cddfd8c0d5adf6be3d6218cb750ac5f3.dll,#12