Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 12-07-2022 08:11
Static task: static1

Behavioral task: behavioral1
Sample: 1836-57-0x0000000000740000-0x0000000000762000-memory.dll
Resource: win7-20220414-en
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 1836-57-0x0000000000740000-0x0000000000762000-memory.dll
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 1836-57-0x0000000000740000-0x0000000000762000-memory.dll
Size: 136KB
MD5: 7f8b785bd9d33b660cd9d426727700cb
SHA1: 7de266431752d2a2062776a034bf1ac64fe2a78f
SHA256: 97715b931d74b19b1cc32fbc457ab18422335b116a71a5895fc701dd7e279be8
SHA512: 90061751e5e0df28d9e5511086f4cc6790d0e2ea82137dd346a9e64194e17ffd209ac01578163359464b916efbd892dc364084708c71539408e9879c60d0a512
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1228 wrote to memory of 900 | 1228 | rundll32.exe | rundll32.exe
PID 1228 wrote to memory of 900 | 1228 | rundll32.exe | rundll32.exe
PID 1228 wrote to memory of 900 | 1228 | rundll32.exe | rundll32.exe
PID 1228 wrote to memory of 900 | 1228 | rundll32.exe | rundll32.exe
PID 1228 wrote to memory of 900 | 1228 | rundll32.exe | rundll32.exe
PID 1228 wrote to memory of 900 | 1228 | rundll32.exe | rundll32.exe
PID 1228 wrote to memory of 900 | 1228 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1836-57-0x0000000000740000-0x0000000000762000-memory.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1836-57-0x0000000000740000-0x0000000000762000-memory.dll,#1