Analysis
max time kernel: 41s
max time network: 44s
platform: windows7_x64
resource: win7-20220414-en
submitted: 23-06-2022 16:53
Static task: static1

Behavioral task: behavioral1
Sample: 2020-57-0x0000000000130000-0x0000000000152000-memory.dll
Resource: win7-20220414-en
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 2020-57-0x0000000000130000-0x0000000000152000-memory.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 2020-57-0x0000000000130000-0x0000000000152000-memory.dll
Size: 136KB
MD5: 936275392cd229ed68f3823c9a4f3abd
SHA1: c7e0e91ea09e5fe34d86667e93ac028f1716ad33
SHA256: 7cb65998d07f7b3140d91a429172edaa571da2bef138350f2d800f2541ce71b8
SHA512: 2ea8bfad5018ec73952652cb050453938a1f57f83d6d1486bedd1853be96316799bfa4498a5f46d2a41b572aa98b68c5b5f10a5d5649ee0459f3e8c85f3823a6
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1984 wrote to memory of 1524 | 1984 | rundll32.exe | rundll32.exe
PID 1984 wrote to memory of 1524 | 1984 | rundll32.exe | rundll32.exe
PID 1984 wrote to memory of 1524 | 1984 | rundll32.exe | rundll32.exe
PID 1984 wrote to memory of 1524 | 1984 | rundll32.exe | rundll32.exe
PID 1984 wrote to memory of 1524 | 1984 | rundll32.exe | rundll32.exe
PID 1984 wrote to memory of 1524 | 1984 | rundll32.exe | rundll32.exe
PID 1984 wrote to memory of 1524 | 1984 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-57-0x0000000000130000-0x0000000000152000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2020-57-0x0000000000130000-0x0000000000152000-memory.dll,#12