Analysis
- max time kernel: 45s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 07-09-2022 02:58
Behavioral task
behavioral1
Sample
280-56-0x00000000753E0000-0x000000007545D000-memory.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
280-56-0x00000000753E0000-0x000000007545D000-memory.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
- Target: 280-56-0x00000000753E0000-0x000000007545D000-memory.dll
- Size: 500KB
- MD5: 16d54db2e33e731a35a82434c42f60a4
- SHA1: e229f9b722a194d91e031cbba49414097ff69e97
- SHA256: 3b65967478381324e0ca26ee6dad3c1437622a18f2a18a9c466293b7197e0b96
- SHA512: 6e7953a590611f0226b2b9a9c48a414e8e654de1c14fffb11a1e7002f2a52d33873f61554e2b9b70d33f602950edf27c80b9936b30cd8b29b8415c09a646344f
- SSDEEP: 3072:0Ls6GOhkfm9k9H1x8Lxq6im8DqM4ozD8iP:0Ls6NhkCG78L7iqM78
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 7 IoCs
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1576 wrote to memory of 584 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 584 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 584 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 584 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 584 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 584 | 1576 | rundll32.exe | rundll32.exe
  PID 1576 wrote to memory of 584 | 1576 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\280-56-0x00000000753E0000-0x000000007545D000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\280-56-0x00000000753E0000-0x000000007545D000-memory.dll,#1