Analysis
- max time kernel: 91s
- max time network: 106s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 24-06-2022 18:01
Static task: static1
Behavioral task: behavioral1
- Sample: 2032-57-0x00000000002C0000-0x00000000002E2000-memory.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 2032-57-0x00000000002C0000-0x00000000002E2000-memory.dll
- Resource: win10v2004-20220414-en
- Platform: windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 2032-57-0x00000000002C0000-0x00000000002E2000-memory.dll
- Size: 136KB
- MD5: d39b947a8921fa094990a5597793df84
- SHA1: abcd6c238607020cd9f7025d9d3c990e0afe5204
- SHA256: 6feb59e3a87b97539ba5be533cef98d9e450746f6d28e646b53ae07b96d3eea9
- SHA512: 137e60fbdba679a32c6563965e4b1fe326a7bfd19c0bc107c89cffbc72f7183bb71fa9ad0e97a0123c9bd49271a7b41f06ae7100d56076683a96008d1524c25b
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
Processes: rundll32.exe, rundll32.exe
description | pid | process | target process
PID 4704 wrote to memory of 4812 | 4704 | rundll32.exe | rundll32.exe
PID 4704 wrote to memory of 4812 | 4704 | rundll32.exe | rundll32.exe
PID 4704 wrote to memory of 4812 | 4704 | rundll32.exe | rundll32.exe
PID 4812 wrote to memory of 4352 | 4812 | rundll32.exe | rundll32.exe
PID 4812 wrote to memory of 4352 | 4812 | rundll32.exe | rundll32.exe
PID 4812 wrote to memory of 4352 | 4812 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2032-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2032-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2032-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#1