Analysis
max time kernel: 40s
max time network: 44s
platform: windows7_x64
resource: win7-20220414-en
submitted: 01-07-2022 04:50
Static task: static1
Behavioral task: behavioral1
Sample: d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431.dll
Resource: win7-20220414-en, windows7_x64
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431.dll
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures, 0 seconds
General
Target: d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431.dll
Size: 207KB
MD5: 600e7e558ee854b88c82fb7b065ad34b
SHA1: 9b665aaadabc714a06bab604363631550992a9e6
SHA256: d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431
SHA512: f3021e124ddf62c48a64cb948cc865bf19bd1afbd643b5af5bbef341e21b4b84e5c6d624d2f0f043b00014d26cf94b88b370bbfc7e232a2667d8d3e52063ee4c
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 664 wrote to memory of 1908 | 664 | rundll32.exe | rundll32.exe
PID 664 wrote to memory of 1908 | 664 | rundll32.exe | rundll32.exe
PID 664 wrote to memory of 1908 | 664 | rundll32.exe | rundll32.exe
PID 664 wrote to memory of 1908 | 664 | rundll32.exe | rundll32.exe
PID 664 wrote to memory of 1908 | 664 | rundll32.exe | rundll32.exe
PID 664 wrote to memory of 1908 | 664 | rundll32.exe | rundll32.exe
PID 664 wrote to memory of 1908 | 664 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5aa319f10b7b5302fbf03c8475a18e30aa5f97da6e5165953add2fcd4d8a431.dll,#12