Analysis
max time kernel: 43s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 11-07-2022 20:54
Static task
static1

Behavioral task
behavioral1
Sample: 1884-57-0x0000000000330000-0x0000000000352000-memory.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds

Behavioral task
behavioral2
Sample: 1884-57-0x0000000000330000-0x0000000000352000-memory.dll
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures, 0 seconds
General
Target: 1884-57-0x0000000000330000-0x0000000000352000-memory.dll
Size: 136KB
MD5: 08a03d4d271496fe89557c0f0eda4b00
SHA1: de3f75e4857c39a1dca990b198ff08eabaeda274
SHA256: ffc7b7eee99f5d70375bab96f19cce710513faf23f7e3b53eb3aa78a195a172a
SHA512: c34a5d0ea614071f9c3b1ea0075d7e05fbfaf44c00b5c9c48416eb3f285ab4ac98074a2eee45b6211821a09a85599b251c8007ccc3beb6aa744f836d1208e0b3
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 388 wrote to memory of 556 | 388 | rundll32.exe | rundll32.exe
PID 388 wrote to memory of 556 | 388 | rundll32.exe | rundll32.exe
PID 388 wrote to memory of 556 | 388 | rundll32.exe | rundll32.exe
PID 388 wrote to memory of 556 | 388 | rundll32.exe | rundll32.exe
PID 388 wrote to memory of 556 | 388 | rundll32.exe | rundll32.exe
PID 388 wrote to memory of 556 | 388 | rundll32.exe | rundll32.exe
PID 388 wrote to memory of 556 | 388 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#11
- Suspicious use of WriteProcessMemory
PID: 388
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#12
  PID: 556