Analysis
max time kernel: 138s
max time network: 168s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 12-07-2022 08:07
Static task
static1
Behavioral task
behavioral1
Sample
1764-57-0x0000000000260000-0x0000000000282000-memory.dll
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
1764-57-0x0000000000260000-0x0000000000282000-memory.dll
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
Target: 1764-57-0x0000000000260000-0x0000000000282000-memory.dll
Size: 136KB
MD5: 525119a368b99a9120a51d790bc1ec7d
SHA1: ee5a89fac6aa9b82709df6dbfb9be584295f4f37
SHA256: 62cac929ebf22f267a35629ff6ee5e559eebcc33041d0bfd971d85109056125c
SHA512: 35606c62409e660e222539fdb5c0a35fbff766a4d651de661ba2b60e57ada4908113d5ca3888f49a0f80acdbde326b9b0065ba8ab77b689fcd6b2c14c34b05cc
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
description                         pid    process        target process
PID 2900 wrote to memory of 5100    2900   rundll32.exe   rundll32.exe
PID 2900 wrote to memory of 5100    2900   rundll32.exe   rundll32.exe
PID 2900 wrote to memory of 5100    2900   rundll32.exe   rundll32.exe
PID 5100 wrote to memory of 4212    5100   rundll32.exe   rundll32.exe
PID 5100 wrote to memory of 4212    5100   rundll32.exe   rundll32.exe
PID 5100 wrote to memory of 4212    5100   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
- Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1
- Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1764-57-0x0000000000260000-0x0000000000282000-memory.dll,#1