Analysis
max time kernel: 1619s
max time network: 1623s
platform: windows7_x64
resource: win7-20220414-en
submitted: 05-07-2022 03:50
Static task
static1
Behavioral task
behavioral1
Sample
a06d126812be4878b49d804b28ea1525ace185246ab9dd93f14c057cc81bc3eb.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
a06d126812be4878b49d804b28ea1525ace185246ab9dd93f14c057cc81bc3eb.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
Target: a06d126812be4878b49d804b28ea1525ace185246ab9dd93f14c057cc81bc3eb.dll
Size: 259KB
MD5: 68be9bd8607794481b636d3361dc7c4c
SHA1: d350638208e76f3ea98dfd990d8e6368d7a46173
SHA256: a06d126812be4878b49d804b28ea1525ace185246ab9dd93f14c057cc81bc3eb
SHA512: c686d1522bde812a18c2807c2cbb6a646bc025dc1a945ba28eca8b076ea8924d68f34d82d3e19328fe52fd0a67e23161f2378708118fea977c0141df594680fd
Score: 8/10
Malware Config
Signatures
Processes:

| resource | yara_rule |
| --- | --- |
| behavioral1/memory/1664-56-0x0000000013150000-0x00000000131EC000-memory.dmp | upx |
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1516 wrote to memory of 1664 | 1516 | rundll32.exe | rundll32.exe |
| PID 1516 wrote to memory of 1664 | 1516 | rundll32.exe | rundll32.exe |
| PID 1516 wrote to memory of 1664 | 1516 | rundll32.exe | rundll32.exe |
| PID 1516 wrote to memory of 1664 | 1516 | rundll32.exe | rundll32.exe |
| PID 1516 wrote to memory of 1664 | 1516 | rundll32.exe | rundll32.exe |
| PID 1516 wrote to memory of 1664 | 1516 | rundll32.exe | rundll32.exe |
| PID 1516 wrote to memory of 1664 | 1516 | rundll32.exe | rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a06d126812be4878b49d804b28ea1525ace185246ab9dd93f14c057cc81bc3eb.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a06d126812be4878b49d804b28ea1525ace185246ab9dd93f14c057cc81bc3eb.dll,#1