Analysis
max time kernel
44s
max time network
51s
platform
windows7_x64
resource
win7-20220718-en
resource tags
arch:x64 arch:x86 image:win7-20220718-en locale:en-us os:windows7-x64 system
submitted
10-08-2022 13:24
Behavioral task
behavioral1
Sample
6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll
Resource
win7-20220718-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll
Resource
win10v2004-20220721-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll
Size
110KB
MD5
32cd4b21204a9e867088e41a0be8f6aa
SHA1
21f622535ca5ed8c0670382c420d380ba4a41799
SHA256
6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2
SHA512
fc2787ea656668f217607892b704d3d0fd858c023912f78854317d9e91b97f19143f2f1cdc0be3fcd2f51595d03cf356c2ecdec87570f6ac6b3795210b3c375c
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 972 wrote to memory of 1120 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1120 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1120 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1120 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1120 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1120 | 972 | rundll32.exe | rundll32.exe
PID 972 wrote to memory of 1120 | 972 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e4aba5f91f4d01295db6a25820bccf96e982c11dc19eac820ec094e8bc5b5b2.dll,#12⤵