Analysis
max time kernel: 145s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 23-06-2022 13:54
Static task
static1
Behavioral task
behavioral1
Sample
900-57-0x0000000000270000-0x0000000000292000-memory.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
900-57-0x0000000000270000-0x0000000000292000-memory.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: 900-57-0x0000000000270000-0x0000000000292000-memory.dll
Size: 136KB
MD5: 8b8e730974f5990092be72be7f69702c
SHA1: 7b50a95d400a95d8f7dcb95cdcc766d8dc50ec8a
SHA256: 570ac8065502d2f0620cb93ff54dc521cbe2685d4452ab01aeb1da5ae9dd31f3
SHA512: c13842c1015b8b4df60ac47487636cc5b2f7a02406986c87f6edc799818f093fcf2120f05dfe41c7a0e7c7c0e1db04dbba9e5b623c701c135140e695a0025680
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (6 IoCs)
Processes: rundll32.exe, rundll32.exe
description | pid | process | target process
PID 2916 wrote to memory of 3180 | 2916 | rundll32.exe | rundll32.exe
PID 2916 wrote to memory of 3180 | 2916 | rundll32.exe | rundll32.exe
PID 2916 wrote to memory of 3180 | 2916 | rundll32.exe | rundll32.exe
PID 3180 wrote to memory of 3220 | 3180 | rundll32.exe | rundll32.exe
PID 3180 wrote to memory of 3220 | 3180 | rundll32.exe | rundll32.exe
PID 3180 wrote to memory of 3220 | 3180 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\900-57-0x0000000000270000-0x0000000000292000-memory.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\900-57-0x0000000000270000-0x0000000000292000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\900-57-0x0000000000270000-0x0000000000292000-memory.dll,#1