Analysis
max time kernel: 38s
max time network: 41s
platform: windows7_x64
resource: win7-20220414-en
submitted: 11-07-2022 10:41
Static task: static1
Behavioral task: behavioral1
Sample: 1084-57-0x0000000000190000-0x00000000001B2000-memory.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 1084-57-0x0000000000190000-0x00000000001B2000-memory.dll
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures
0 seconds
General
Target: 1084-57-0x0000000000190000-0x00000000001B2000-memory.dll
Size: 136KB
MD5: e35ea41cf9c57d4ba206df1a218eda76
SHA1: a720e62567bc76a14256c87671670d6c08f8ecce
SHA256: 56dc80ff83ec01da2e910f24d073918816a692e9a656fd585052044a86fd8bca
SHA512: 5a43d02fc0e4c94a3bf1bb02b2f56e1b0d8902d486c35b567578830f03f5cfbcbb01b43a35ba4b85d6ec60d90a2a8f706269a038cd8f6242ac5441da826b865f
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1860 wrote to memory of 1276 | 1860 | rundll32.exe | rundll32.exe
PID 1860 wrote to memory of 1276 | 1860 | rundll32.exe | rundll32.exe
PID 1860 wrote to memory of 1276 | 1860 | rundll32.exe | rundll32.exe
PID 1860 wrote to memory of 1276 | 1860 | rundll32.exe | rundll32.exe
PID 1860 wrote to memory of 1276 | 1860 | rundll32.exe | rundll32.exe
PID 1860 wrote to memory of 1276 | 1860 | rundll32.exe | rundll32.exe
PID 1860 wrote to memory of 1276 | 1860 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1084-57-0x0000000000190000-0x00000000001B2000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1084-57-0x0000000000190000-0x00000000001B2000-memory.dll,#12⤵