Analysis
- max time kernel: 98s
- max time network: 110s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 12-07-2022 03:18
Behavioral task: behavioral1
- Sample: 4d57595dd0174ff752b3286c012f3fb8edeec2e03877971dda66ec40c94d9204.dll
- Resource: win7-20220414-en (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 4d57595dd0174ff752b3286c012f3fb8edeec2e03877971dda66ec40c94d9204.dll
- Resource: win10v2004-20220414-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 4d57595dd0174ff752b3286c012f3fb8edeec2e03877971dda66ec40c94d9204.dll
- Size: 62KB
- MD5: d797d3c51f57fff2bf0a6f8408ec3646
- SHA1: 89f4e61ce2317d0458e8ebd5e9df8abee47ab491
- SHA256: 4d57595dd0174ff752b3286c012f3fb8edeec2e03877971dda66ec40c94d9204
- SHA512: 2a296ba79e98398fd7ed7649f70bf366ae221356dc6ec78291350bb89fa78675165db660c81c2dc0f14530977ea45a005c80129badb09f56a18d2e9416ee7b8c
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: rundll32.exe, rundll32.exe

  Description                        PID    Process        Target process
  PID 1284 wrote to memory of 1636   1284   rundll32.exe   rundll32.exe
  PID 1284 wrote to memory of 1636   1284   rundll32.exe   rundll32.exe
  PID 1284 wrote to memory of 1636   1284   rundll32.exe   rundll32.exe
  PID 1636 wrote to memory of 3352   1636   rundll32.exe   rundll32.exe
  PID 1636 wrote to memory of 3352   1636   rundll32.exe   rundll32.exe
  PID 1636 wrote to memory of 3352   1636   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d57595dd0174ff752b3286c012f3fb8edeec2e03877971dda66ec40c94d9204.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d57595dd0174ff752b3286c012f3fb8edeec2e03877971dda66ec40c94d9204.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe
      --9dfb4f4a