Analysis
- max time kernel: 38s
- max time network: 41s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 14-07-2022 21:59
Static task: static1

Behavioral task: behavioral1
- Sample: 1896-57-0x00000000002F0000-0x0000000000312000-memory.dll
- Resource: win7-20220414-en, windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 1896-57-0x00000000002F0000-0x0000000000312000-memory.dll
- Resource: win10v2004-20220414-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 1896-57-0x00000000002F0000-0x0000000000312000-memory.dll
- Size: 136KB
- MD5: 4d9d7d7e94fdefa89735676ebe3bd607
- SHA1: a4b6b465f8e78c5db094361d0c11d4bfb375f835
- SHA256: 4bc9ce262d95d9cfa04bc02a600b194e817def7b9b917e523509147fea730336
- SHA512: 9504b7c495276a1ad056ee1b0e950325635f2180c98b03f4cd79352eee03bda9162b60186b5e61d853d79e7bd76049c7b5b36007962ee16d453cf5d8402ac370

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2032 wrote to memory of 896 | 2032 | rundll32.exe | rundll32.exe
  PID 2032 wrote to memory of 896 | 2032 | rundll32.exe | rundll32.exe
  PID 2032 wrote to memory of 896 | 2032 | rundll32.exe | rundll32.exe
  PID 2032 wrote to memory of 896 | 2032 | rundll32.exe | rundll32.exe
  PID 2032 wrote to memory of 896 | 2032 | rundll32.exe | rundll32.exe
  PID 2032 wrote to memory of 896 | 2032 | rundll32.exe | rundll32.exe
  PID 2032 wrote to memory of 896 | 2032 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1896-57-0x00000000002F0000-0x0000000000312000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1896-57-0x00000000002F0000-0x0000000000312000-memory.dll,#1