Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 04-07-2022 10:15
Static task
- static1

Behavioral task
- behavioral1
- Sample: 676-57-0x00000000001C0000-0x00000000001E2000-memory.dll
- Resource: win7-20220414-en, windows7_x64
- 0 signatures
- 0 seconds

Behavioral task
- behavioral2
- Sample: 676-57-0x00000000001C0000-0x00000000001E2000-memory.dll
- Resource: win10v2004-20220414-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 676-57-0x00000000001C0000-0x00000000001E2000-memory.dll
- Size: 136KB
- MD5: 51f4d7baff52973ba4c06c763a957646
- SHA1: 2edbc323589863be7a9179e4a7ae9e69443e6c31
- SHA256: c19237b89e111f85b83fee7db2778a108d2c803c91dd869f757eb5bf8b9bd453
- SHA512: 15792e55ce5e2f8764c3d34d9d42f4ef5db96c4ed6ceda7bb282a0dc38affe4171381158f4b71ebe992dcbf4da1de1b9abb1b23f70fb6b918b6ee203263e4f20

Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
| PID 1008 wrote to memory of 1084 | 1008 | rundll32.exe | rundll32.exe |
| PID 1008 wrote to memory of 1084 | 1008 | rundll32.exe | rundll32.exe |
| PID 1008 wrote to memory of 1084 | 1008 | rundll32.exe | rundll32.exe |
| PID 1008 wrote to memory of 1084 | 1008 | rundll32.exe | rundll32.exe |
| PID 1008 wrote to memory of 1084 | 1008 | rundll32.exe | rundll32.exe |
| PID 1008 wrote to memory of 1084 | 1008 | rundll32.exe | rundll32.exe |
| PID 1008 wrote to memory of 1084 | 1008 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\676-57-0x00000000001C0000-0x00000000001E2000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\676-57-0x00000000001C0000-0x00000000001E2000-memory.dll,#1