Analysis
-
max time kernel
57s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220718-en -
resource tags
arch:x64 arch:x86 image:win7-20220718-en locale:en-us os:windows7-x64 system -
submitted
31-07-2022 08:48
Behavioral task
behavioral1
Sample
a67b23e806d1e74ad0043fd323500d1e30ebbe2ffed18de09b5059a9f4e5990f.dll
Resource
win7-20220718-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
a67b23e806d1e74ad0043fd323500d1e30ebbe2ffed18de09b5059a9f4e5990f.dll
Resource
win10v2004-20220721-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
a67b23e806d1e74ad0043fd323500d1e30ebbe2ffed18de09b5059a9f4e5990f.dll
-
Size
164KB
-
MD5
e5e1481d1be4dbfd85186dfb84df9aa3
-
SHA1
bce53c099e215c2f9b8d3c4bebeeff1f3b03fe54
-
SHA256
a67b23e806d1e74ad0043fd323500d1e30ebbe2ffed18de09b5059a9f4e5990f
-
SHA512
cfbd97e819aadcadd9e1e5602b27034873c160fefb0483fdb23f420b6e87ed49591a401a0adff61a8335bca77bea15d8f7e1288072ff8fed6f6cd907e8327f5c
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1964 wrote to memory of 1996 | 1964 | rundll32.exe | rundll32.exe
PID 1964 wrote to memory of 1996 | 1964 | rundll32.exe | rundll32.exe
PID 1964 wrote to memory of 1996 | 1964 | rundll32.exe | rundll32.exe
PID 1964 wrote to memory of 1996 | 1964 | rundll32.exe | rundll32.exe
PID 1964 wrote to memory of 1996 | 1964 | rundll32.exe | rundll32.exe
PID 1964 wrote to memory of 1996 | 1964 | rundll32.exe | rundll32.exe
PID 1964 wrote to memory of 1996 | 1964 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a67b23e806d1e74ad0043fd323500d1e30ebbe2ffed18de09b5059a9f4e5990f.dll,#1
- Suspicious use of WriteProcessMemory
PID:1964 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a67b23e806d1e74ad0043fd323500d1e30ebbe2ffed18de09b5059a9f4e5990f.dll,#1
PID:1996