Analysis
- max time kernel: 36s
- max time network: 39s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 21-06-2022 15:08
Static task
static1
Behavioral task
behavioral1
Sample
4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
- Target: 4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614.dll
- Size: 2.7MB
- MD5: e8521910af59327a456d52e94e93eb92
- SHA1: 0e1bda5903de2c3172f2cd01291b45b6a4250fca
- SHA256: b1fb95368c961ca9d884628e63b19a009b359a736ce90532faf2532dbeb91cdd
- SHA512: 98d2e94f22666397dbe930ff9069286fd04f97233ac857621c3374f51399e6bfaa4e60a6457c20908efe7db2cd55ca91690860ca4203abb794cc6f146ab320c9
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 848 wrote to memory of 1796 | 848 | rundll32.exe | rundll32.exe
PID 848 wrote to memory of 1796 | 848 | rundll32.exe | rundll32.exe
PID 848 wrote to memory of 1796 | 848 | rundll32.exe | rundll32.exe
PID 848 wrote to memory of 1796 | 848 | rundll32.exe | rundll32.exe
PID 848 wrote to memory of 1796 | 848 | rundll32.exe | rundll32.exe
PID 848 wrote to memory of 1796 | 848 | rundll32.exe | rundll32.exe
PID 848 wrote to memory of 1796 | 848 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614.dll,#12