Analysis
max time kernel: 44s
max time network: 47s
platform: windows7_x64
resource: win7-20220414-en
submitted: 24-06-2022 18:45
Static task
static1
Behavioral task
behavioral1
Sample
624-57-0x0000000000290000-0x00000000002B2000-memory.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
624-57-0x0000000000290000-0x00000000002B2000-memory.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: 624-57-0x0000000000290000-0x00000000002B2000-memory.dll
Size: 136KB
MD5: a2e5b6f6fc7d63b2e629718834494b95
SHA1: fc6d2bfda1d3630b8520aa4fcf85711b009f0674
SHA256: 8de5cba541edd74b188e8689fcb2282f6f2b01db88021de7c66a0c416ebb76ba
SHA512: b53d066b35bf356ae2393d039df9536853b53279eca18c339a41d4cd8852e31ca6e0da0f87690953c576f9c73349da0612e400565bc5483f6a15177831eabb0b
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\624-57-0x0000000000290000-0x00000000002B2000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\624-57-0x0000000000290000-0x00000000002B2000-memory.dll,#12