Analysis
max time kernel: 146s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 11-07-2022 20:54
Static task
static1

Behavioral task
behavioral1
Sample: 1884-57-0x0000000000330000-0x0000000000352000-memory.dll
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds

Behavioral task
behavioral2
Sample: 1884-57-0x0000000000330000-0x0000000000352000-memory.dll
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures
0 seconds
General
Target: 1884-57-0x0000000000330000-0x0000000000352000-memory.dll
Size: 136KB
MD5: 08a03d4d271496fe89557c0f0eda4b00
SHA1: de3f75e4857c39a1dca990b198ff08eabaeda274
SHA256: ffc7b7eee99f5d70375bab96f19cce710513faf23f7e3b53eb3aa78a195a172a
SHA512: c34a5d0ea614071f9c3b1ea0075d7e05fbfaf44c00b5c9c48416eb3f285ab4ac98074a2eee45b6211821a09a85599b251c8007ccc3beb6aa744f836d1208e0b3
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (12 IoCs)
Processes: rundll32.exe, rundll32.exe, rundll32.exe, rundll32.exe

description | pid | process | target process
PID 1788 wrote to memory of 2900 | 1788 | rundll32.exe | rundll32.exe
PID 1788 wrote to memory of 2900 | 1788 | rundll32.exe | rundll32.exe
PID 1788 wrote to memory of 2900 | 1788 | rundll32.exe | rundll32.exe
PID 2900 wrote to memory of 1832 | 2900 | rundll32.exe | rundll32.exe
PID 2900 wrote to memory of 1832 | 2900 | rundll32.exe | rundll32.exe
PID 2900 wrote to memory of 1832 | 2900 | rundll32.exe | rundll32.exe
PID 1832 wrote to memory of 1668 | 1832 | rundll32.exe | rundll32.exe
PID 1832 wrote to memory of 1668 | 1832 | rundll32.exe | rundll32.exe
PID 1832 wrote to memory of 1668 | 1832 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 2360 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 2360 | 1668 | rundll32.exe | rundll32.exe
PID 1668 wrote to memory of 2360 | 1668 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#1
PID: 1788
- Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#1
  PID: 2900
  - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#1
    PID: 1832
    - Suspicious use of WriteProcessMemory

      C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#1
      PID: 1668
      - Suspicious use of WriteProcessMemory

        C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\1884-57-0x0000000000330000-0x0000000000352000-memory.dll,#1
        PID: 2360