Analysis
-
max time kernel
44s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
12-07-2022 08:26
Static task
static1
Behavioral task
behavioral1
Sample
964-57-0x0000000001E20000-0x0000000001E42000-memory.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
964-57-0x0000000001E20000-0x0000000001E42000-memory.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
964-57-0x0000000001E20000-0x0000000001E42000-memory.dll
-
Size
136KB
-
MD5
ac31ead58e8d3885e403c3862227eb98
-
SHA1
4dc65c6c5ba23d9880e07dde72078ddabf82d095
-
SHA256
ca353249a1cd426a6c9d2572ba447c1362d8f8126f59dce700092fa325b2b32d
-
SHA512
ccbb324c10889bc338d094f63ca4ad520b0aa96dd72e0670af656cd1ae8c5fe30095df669950168355f50c453fc7c707bb687eb8bf2600b4605710c58effbe83
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 536 wrote to memory of 896 536 rundll32.exe rundll32.exe PID 536 wrote to memory of 896 536 rundll32.exe rundll32.exe PID 536 wrote to memory of 896 536 rundll32.exe rundll32.exe PID 536 wrote to memory of 896 536 rundll32.exe rundll32.exe PID 536 wrote to memory of 896 536 rundll32.exe rundll32.exe PID 536 wrote to memory of 896 536 rundll32.exe rundll32.exe PID 536 wrote to memory of 896 536 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\964-57-0x0000000001E20000-0x0000000001E42000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:536 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\964-57-0x0000000001E20000-0x0000000001E42000-memory.dll,#12⤵PID:896
-