Analysis
max time kernel: 43s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
resource tags: arch:x64 arch:x86 image:win7-20220414-en locale:en-us os:windows7-x64 system
submitted: 15-07-2022 23:46
Behavioral task: behavioral1
Sample: 1204-57-0x0000000000980000-0x00000000009A2000-memory.dll
Resource: win7-20220414-en
windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 1204-57-0x0000000000980000-0x00000000009A2000-memory.dll
Resource: win10v2004-20220414-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 1204-57-0x0000000000980000-0x00000000009A2000-memory.dll
Size: 136KB
MD5: 217172a75efc553df8b3bac2e1c87f4d
SHA1: 4e988f872f6be5eddf03028069eafb7bbbc71370
SHA256: 41b863c5b7e4cfad70fe4c82c41791d57d9004378a03fc710c01f678c2ff7a74
SHA512: 9c6317e772e7c01c66dcf74d758e822927a83927f00aabd7c74249c3727f7593e2b69137d9a55d53291eb1a6555e6192528c801e7c59339cc28f5b3734dd9145
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 1920 wrote to memory of 1912   1920   rundll32.exe   rundll32.exe
PID 1920 wrote to memory of 1912   1920   rundll32.exe   rundll32.exe
PID 1920 wrote to memory of 1912   1920   rundll32.exe   rundll32.exe
PID 1920 wrote to memory of 1912   1920   rundll32.exe   rundll32.exe
PID 1920 wrote to memory of 1912   1920   rundll32.exe   rundll32.exe
PID 1920 wrote to memory of 1912   1920   rundll32.exe   rundll32.exe
PID 1920 wrote to memory of 1912   1920   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1204-57-0x0000000000980000-0x00000000009A2000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1204-57-0x0000000000980000-0x00000000009A2000-memory.dll,#12