Analysis
- max time kernel: 52s
- max time network: 181s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 30-06-2022 19:49
Static task: static1
Behavioral task: behavioral1
Sample: e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures
0 seconds
General
- Target: e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1.dll
- Size: 426KB
- MD5: 6a83f1cca9dfa139275aa875aca00e7e
- SHA1: 78a1a9a3e6d8eb8ae67b898e0ec7acb4b207250d
- SHA256: e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1
- SHA512: 4319dee68e89534898776c5d87bdcff899784307f647f950d5d7570745b9e29455fe64810d6967dd6384bd8d9000bf5144004ce68568585c69142efcd0f4d65e
Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: rundll32.exe

  | pid | process |
  | 1688 | rundll32.exe |
  | 1688 | rundll32.exe |

- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  | description | pid | process | target process |
  | PID 1680 wrote to memory of 1688 | 1680 | rundll32.exe | rundll32.exe |
  | PID 1680 wrote to memory of 1688 | 1680 | rundll32.exe | rundll32.exe |
  | PID 1680 wrote to memory of 1688 | 1680 | rundll32.exe | rundll32.exe |
  | PID 1680 wrote to memory of 1688 | 1680 | rundll32.exe | rundll32.exe |
  | PID 1680 wrote to memory of 1688 | 1680 | rundll32.exe | rundll32.exe |
  | PID 1680 wrote to memory of 1688 | 1680 | rundll32.exe | rundll32.exe |
  | PID 1680 wrote to memory of 1688 | 1680 | rundll32.exe | rundll32.exe |

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e54a87583c57c34ddd3f46d7d8796dc61365ee8f7c242f7e6ee6931fddc52af1.dll,#12⤵
  - Suspicious behavior: EnumeratesProcesses