Analysis
max time kernel: 44s
max time network: 48s
platform: windows7_x64
resource: win7-20220414-en
submitted: 24-06-2022 19:20
Static task
static1
Behavioral task
behavioral1
Sample
1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: 1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll
Size: 136KB
MD5: f3425adbbc731abfa8239ba5e20a9699
SHA1: 1a45001618edb55e6a640c6176face69856f8e39
SHA256: 232f85990535f5e478688cea7599d9645a716945201934452b116428a6974aef
SHA512: 2fa2e3ed96833c49428a1acfa45e79398b826cbe6ecc842ddafcd1770a90be443c3ce9ae76727e3d7d36d903ba84ecb562c79829379c1fc2ef2e854daf82b75a
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 780 wrote to memory of 1928 | 780 | rundll32.exe | rundll32.exe
PID 780 wrote to memory of 1928 | 780 | rundll32.exe | rundll32.exe
PID 780 wrote to memory of 1928 | 780 | rundll32.exe | rundll32.exe
PID 780 wrote to memory of 1928 | 780 | rundll32.exe | rundll32.exe
PID 780 wrote to memory of 1928 | 780 | rundll32.exe | rundll32.exe
PID 780 wrote to memory of 1928 | 780 | rundll32.exe | rundll32.exe
PID 780 wrote to memory of 1928 | 780 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1984-57-0x00000000002C0000-0x00000000002E2000-memory.dll,#12