Analysis
- max time kernel: 47s
- max time network: 51s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 08-09-2022 13:58
Behavioral task
behavioral1
Sample
1112-58-0x00000000008E0000-0x0000000000902000-memory.dll
Resource
win7-20220901-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1112-58-0x00000000008E0000-0x0000000000902000-memory.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
- Target: 1112-58-0x00000000008E0000-0x0000000000902000-memory.dll
- Size: 136KB
- MD5: 3df21ba60801472caafa71c3632035e5
- SHA1: d713b0e53915ef7f6488eee219a69ec192368c92
- SHA256: fee6225d025407a4ad4b3910112d41fb39d712e770eb842beb44273efd63d70e
- SHA512: 6ade7589cbb616b79f8d71825d4a58fcd99e89871ddd813aef1fc20be12a669df67e49aabf02b88c70df6d881fa53a660a4ca611c87537aaf907dcaccf425453
- SSDEEP: 3072:KJJfPnrN866+/5/HZqKAHJo+H9ITBfKw6YaFAa:K3nrN81+/5/HQfHJlH9ITBVVIV
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1204 wrote to memory of 1344 | 1204 | rundll32.exe | rundll32.exe
PID 1204 wrote to memory of 1344 | 1204 | rundll32.exe | rundll32.exe
PID 1204 wrote to memory of 1344 | 1204 | rundll32.exe | rundll32.exe
PID 1204 wrote to memory of 1344 | 1204 | rundll32.exe | rundll32.exe
PID 1204 wrote to memory of 1344 | 1204 | rundll32.exe | rundll32.exe
PID 1204 wrote to memory of 1344 | 1204 | rundll32.exe | rundll32.exe
PID 1204 wrote to memory of 1344 | 1204 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1112-58-0x00000000008E0000-0x0000000000902000-memory.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1112-58-0x00000000008E0000-0x0000000000902000-memory.dll,#12