Analysis
- max time kernel: 90s
- max time network: 103s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 01-07-2022 02:41
Static task
static1
Behavioral task
behavioral1
Sample
3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
- Target: 3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc.dll
- Size: 146KB
- MD5: e74c3bdd43f79a329239e9680336dafb
- SHA1: 8eef521c52eb819c066ae097f33ebd0dee43114a
- SHA256: 3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc
- SHA512: 18a62bf4678e63600a568202990d9f736e7ce46f305895bd94cde6be522a8c480762050944ec7767a39d865972a478e3a2bb31c22e9782630d99cc34c3b19564
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 4080 wrote to memory of 752 | 4080 | rundll32.exe | 81
  PID 4080 wrote to memory of 752 | 4080 | rundll32.exe | 81
  PID 4080 wrote to memory of 752 | 4080 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4080
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc.dll,#1
    PID: 752