Analysis
max time kernel: 45s
max time network: 49s
platform: windows7_x64
resource: win7-20220414-en
submitted: 27-06-2022 11:21
Static task: static1

Behavioral task: behavioral1
Sample: 916-57-0x0000000000670000-0x0000000000692000-memory.dll
Resource: win7-20220414-en, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 916-57-0x0000000000670000-0x0000000000692000-memory.dll
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures, 0 seconds
General
Target: 916-57-0x0000000000670000-0x0000000000692000-memory.dll
Size: 136KB
MD5: 94c7ebb9b4ebed7a8c8ab98f486bddbc
SHA1: 4423d134e506c9041029f21389dc88f8c37c980b
SHA256: 6aa99d7028be2b553c132e478b59eeb082f17f9711087438dc3fac04b863e33a
SHA512: 0028bd14d6eb5e5cf96a6a2c7a06d682faaa1fd23fb11f681461bcbbf70194ffd3d2894c8abfcee2c0c79557911e7fa0cb40ca0cdd7f001234023f8d454f0514
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1092 wrote to memory of 1984 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 1984 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 1984 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 1984 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 1984 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 1984 | 1092 | rundll32.exe | rundll32.exe
PID 1092 wrote to memory of 1984 | 1092 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\916-57-0x0000000000670000-0x0000000000692000-memory.dll,#11
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\916-57-0x0000000000670000-0x0000000000692000-memory.dll,#12