Analysis
- max time kernel: 44s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 28-06-2022 09:33
Static task
static1

Behavioral task
behavioral1
- Sample: 0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7.dll
- Resource: win7-20220414-en, windows7_x64
- 0 signatures
- 0 seconds

Behavioral task
behavioral2
- Sample: 0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7.dll
- Resource: win10v2004-20220414-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7.dll
- Size: 389KB
- MD5: 71137fc2763fc0c76e77d6d255f4a690
- SHA1: f9b553ac4a9b3bf3b4a0990c1b08d8770f6c4cb6
- SHA256: 0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7
- SHA512: 067bbbb166612ba9f89048194f4670b7960d6b1a25761be2da1ccc2c00c1b4386eeea48c288c3d05026aa463546e4765b1712b0b5da913c4ba1e8ec231e92c74

Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe

description                        pid    process        target process
PID 1336 wrote to memory of 1464   1336   rundll32.exe   rundll32.exe
PID 1336 wrote to memory of 1464   1336   rundll32.exe   rundll32.exe
PID 1336 wrote to memory of 1464   1336   rundll32.exe   rundll32.exe
PID 1336 wrote to memory of 1464   1336   rundll32.exe   rundll32.exe
PID 1336 wrote to memory of 1464   1336   rundll32.exe   rundll32.exe
PID 1336 wrote to memory of 1464   1336   rundll32.exe   rundll32.exe
PID 1336 wrote to memory of 1464   1336   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0948d6db510ad047f13dfd34348209d1fcbf5659d08c16f0509981c077dffbb7.dll,#12