Analysis
max time kernel: 31s
max time network: 47s
platform: windows7_x64
resource: win7-20220414-en
submitted: 03-07-2022 16:17
Static task: static1

Behavioral task: behavioral1
Sample: 3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures
0 seconds
General
Target: 3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll
Size: 207KB
MD5: b6c818d69ff341e4bb49e5fc84ce1430
SHA1: f9f6e346bfd22be381fdbbeec16a0a99343072f3
SHA256: 3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a
SHA512: f7a1cdbfe76fdaa9e008077e8e5a873e7b444effcadfee8c491948c62b437ffac008c545f3327b4624ba5aa12e97cea231c4f9b09827194dbab20a3b6aba714c
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                      pid   process       target process
PID 1496 wrote to memory of 964  1496  rundll32.exe  rundll32.exe
PID 1496 wrote to memory of 964  1496  rundll32.exe  rundll32.exe
PID 1496 wrote to memory of 964  1496  rundll32.exe  rundll32.exe
PID 1496 wrote to memory of 964  1496  rundll32.exe  rundll32.exe
PID 1496 wrote to memory of 964  1496  rundll32.exe  rundll32.exe
PID 1496 wrote to memory of 964  1496  rundll32.exe  rundll32.exe
PID 1496 wrote to memory of 964  1496  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b7f133a26a72f8c60627a51978887bccd9cffc32f527621bef81c1cd92a545a.dll,#12