Analysis
max time kernel: 47s
max time network: 51s
platform: windows7_x64
resource: win7-20220414-en
submitted: 13-07-2022 16:46
Static task: static1

Behavioral task: behavioral1
Sample: 996-81-0x00000000030A0000-0x0000000003AFD000-memory.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 996-81-0x00000000030A0000-0x0000000003AFD000-memory.dll
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures, 0 seconds
General
- Target: 996-81-0x00000000030A0000-0x0000000003AFD000-memory.dll
- Size: 10.4MB
- MD5: fdb9e473e53c4a87685c79e25b32d204
- SHA1: 0877433fad372755bacc5574e65d682b570be5e4
- SHA256: a49cfd03e995deb4705893c331d37acb39b86dc8d2c31d48d5b853aa60308640
- SHA512: 575d5b54e47ccbc577aae050038a4c0a354f56ccc9e3d16631a898e9d68654ae0d3489a62edd2fa1853d943a3932808e86a5941350f96365fbdbb34b5d10d283

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

description | pid | process | target process
PID 1932 wrote to memory of 1944 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1944 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1944 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1944 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1944 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1944 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1944 | 1932 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\996-81-0x00000000030A0000-0x0000000003AFD000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\996-81-0x00000000030A0000-0x0000000003AFD000-memory.dll,#1