Analysis
- max time kernel: 40s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 26-06-2022 03:41
Static task: static1
Behavioral task: behavioral1
- Sample: 361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: 361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures, 0 seconds
General
- Target: 361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471.dll
- Size: 164KB
- MD5: c65c1dbd1f8617ff2a9a6b75d9267d52
- SHA1: c359fafb88f11a424b179997e6fe862870583f27
- SHA256: 361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471
- SHA512: eb8eb52647e0b02b9174640049490864ff4188a44ed87eb08999bf550b2dc91db994c6704991e565869fa8d42af3863e8c8ee9e772a1513daf285226cc30b911
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1380 wrote to memory of 1672 | 1380 | rundll32.exe | rundll32.exe
  PID 1380 wrote to memory of 1672 | 1380 | rundll32.exe | rundll32.exe
  PID 1380 wrote to memory of 1672 | 1380 | rundll32.exe | rundll32.exe
  PID 1380 wrote to memory of 1672 | 1380 | rundll32.exe | rundll32.exe
  PID 1380 wrote to memory of 1672 | 1380 | rundll32.exe | rundll32.exe
  PID 1380 wrote to memory of 1672 | 1380 | rundll32.exe | rundll32.exe
  PID 1380 wrote to memory of 1672 | 1380 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\361a2e440efb33321aef224d1847a4f71ecb1645aa5cfd1b7d92a819f852f471.dll,#12