Analysis
max time kernel: 44s
max time network: 48s
platform: windows7_x64
resource: win7-20220414-en
submitted: 13-07-2022 17:15
Static task: static1
Behavioral task: behavioral1
Sample: 2024-57-0x0000000000180000-0x00000000001A2000-memory.dll
Resource: win7-20220414-en (windows7_x64)
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 2024-57-0x0000000000180000-0x00000000001A2000-memory.dll
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures
0 seconds
General
Target: 2024-57-0x0000000000180000-0x00000000001A2000-memory.dll
Size: 136KB
MD5: 0b097358111b7de5196050a0c601ca15
SHA1: f47964bef29ed1ce35fc3751d127e57d12f83fd3
SHA256: c2748d0055603215490faebfa7006845be938b956d000ee4c464413e5f6e9125
SHA512: a1ef05ea174e5d75d4c216edb8ad7e59dd4e099755f2aa6d669412cd09591b1aef3955051e304506d0c18549f3a2d4fcff97247ae33a6fe2e40153134b8452a0
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1036 wrote to memory of 908 | 1036 | rundll32.exe | rundll32.exe
PID 1036 wrote to memory of 908 | 1036 | rundll32.exe | rundll32.exe
PID 1036 wrote to memory of 908 | 1036 | rundll32.exe | rundll32.exe
PID 1036 wrote to memory of 908 | 1036 | rundll32.exe | rundll32.exe
PID 1036 wrote to memory of 908 | 1036 | rundll32.exe | rundll32.exe
PID 1036 wrote to memory of 908 | 1036 | rundll32.exe | rundll32.exe
PID 1036 wrote to memory of 908 | 1036 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\2024-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\2024-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1