Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220414-en
submitted: 27-06-2022 11:15
Static task: static1
Behavioral task: behavioral1
Sample: 1524-57-0x0000000000290000-0x00000000002B2000-memory.dll
Resource: win7-20220414-en
Platform: windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 1524-57-0x0000000000290000-0x00000000002B2000-memory.dll
Resource: win10v2004-20220414-en
Platform: windows10-2004_x64
0 signatures
0 seconds
General
Target: 1524-57-0x0000000000290000-0x00000000002B2000-memory.dll
Size: 136KB
MD5: ad9befe29810111272771247a3ef3964
SHA1: d8256468f7802aad0f6a09b033a80899db658080
SHA256: 8fe1074f522bd0ad64fc9c06d501dea13a18a60a782ddb5383e92d7cdd84b61d
SHA512: da3e6d70faa39ea4b928be386df1a82a4d7dc83171baa8168ae8fcc474cdb77233d021763d2b6aaa4b38f200fbacd8be8d6a9a3ef9936a760f0144fdb7af0af8
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1380 wrote to memory of 756 | 1380 | rundll32.exe | rundll32.exe
PID 1380 wrote to memory of 756 | 1380 | rundll32.exe | rundll32.exe
PID 1380 wrote to memory of 756 | 1380 | rundll32.exe | rundll32.exe
PID 1380 wrote to memory of 756 | 1380 | rundll32.exe | rundll32.exe
PID 1380 wrote to memory of 756 | 1380 | rundll32.exe | rundll32.exe
PID 1380 wrote to memory of 756 | 1380 | rundll32.exe | rundll32.exe
PID 1380 wrote to memory of 756 | 1380 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1524-57-0x0000000000290000-0x00000000002B2000-memory.dll,#11
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1524-57-0x0000000000290000-0x00000000002B2000-memory.dll,#12