Analysis
- max time kernel: 45s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 27-06-2022 11:03
Static task
static1
Behavioral task
behavioral1
Sample
1492-57-0x0000000000430000-0x0000000000452000-memory.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1492-57-0x0000000000430000-0x0000000000452000-memory.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
- Target: 1492-57-0x0000000000430000-0x0000000000452000-memory.dll
- Size: 136KB
- MD5: b64ac6b5c5047ff2ef231e9dcc7e788e
- SHA1: 8c322f6bd81b0b69ae9aaa488226f1d64ba8a05f
- SHA256: c1a4d4cf7ec9cc1f2455eb27d2fc6842ea9a53eb4a9b86272ee0fad65cfa1708
- SHA512: c7ec47bfa367f25bfc83ed8e0951d375d1006570b8bdefe9895b6c1d75f6795086a6aefe67f233d053cfcf7264e539e3c5eaa345ed7bd4442f3881b1ce9c761e
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 892 wrote to memory of 2020 | 892 | rundll32.exe | rundll32.exe
PID 892 wrote to memory of 2020 | 892 | rundll32.exe | rundll32.exe
PID 892 wrote to memory of 2020 | 892 | rundll32.exe | rundll32.exe
PID 892 wrote to memory of 2020 | 892 | rundll32.exe | rundll32.exe
PID 892 wrote to memory of 2020 | 892 | rundll32.exe | rundll32.exe
PID 892 wrote to memory of 2020 | 892 | rundll32.exe | rundll32.exe
PID 892 wrote to memory of 2020 | 892 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1492-57-0x0000000000430000-0x0000000000452000-memory.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1492-57-0x0000000000430000-0x0000000000452000-memory.dll,#12