Analysis
max time kernel: 1610s
max time network: 1615s
platform: windows7_x64
resource: win7-20220414-es
submitted: 23-06-2022 23:10
Static task
static1
Behavioral task
behavioral1
Sample
65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll
Resource
win7-20220414-es
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll
Resource
win10v2004-20220414-es
windows10-2004_x64
0 signatures
0 seconds
General
Target: 65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll
Size: 20.0MB
MD5: bf5aee7ba0ac7286f4879ca34ca63903
SHA1: 9bc40c49a3dbc41f618d11f4b113f234c1713dc4
SHA256: 65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe
SHA512: 887125ea071749f717f5d39828b5ac200ee8f80aaedfe6b58167c0bfa68ec8e921c0cbbe63de8ad49eab8ff28c5c09d7b06aecf6e51df63f1195c257ddc4cd49
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1444 wrote to memory of 964 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 964 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 964 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 964 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 964 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 964 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 964 | 1444 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1444
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e5ded9bc27a4562fb5cbb6b827273be9f6ed3b2159832a57fd3ca8c78573fe.dll,#12⤵
PID:964