Analysis
max time kernel: 45s
max time network: 49s
platform: windows7_x64
resource: win7-20220414-en
submitted: 23-06-2022 16:00
Static task: static1
Behavioral task: behavioral1
Sample: 1672-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 1672-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures
0 seconds
General
Target: 1672-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Size: 136KB
MD5: 21cf076ae45405f3d6687a85835adf95
SHA1: 980351865a5a0cf59478f1b8dac38088f668fefd
SHA256: e01adf02103642003fc8f84fe295dffc1f06127d6128d1ce14c83019616bdb93
SHA512: a41887234967d63085a3ca3ae05d1472b8854bdad6a536817e8da9e8ffa77bc9f23a3d0e590a8b3cc354b241d4cc1e24a8a42234d40d04e15e5693efe18e15ef
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1684 wrote to memory of 2032 | 1684 | rundll32.exe | rundll32.exe
PID 1684 wrote to memory of 2032 | 1684 | rundll32.exe | rundll32.exe
PID 1684 wrote to memory of 2032 | 1684 | rundll32.exe | rundll32.exe
PID 1684 wrote to memory of 2032 | 1684 | rundll32.exe | rundll32.exe
PID 1684 wrote to memory of 2032 | 1684 | rundll32.exe | rundll32.exe
PID 1684 wrote to memory of 2032 | 1684 | rundll32.exe | rundll32.exe
PID 1684 wrote to memory of 2032 | 1684 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1672-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1672-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#12