Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 08-09-2022 13:41
Behavioral task: behavioral1
Sample: 1116-58-0x00000000005B0000-0x00000000005D2000-memory.dll
Resource: win7-20220812-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 1116-58-0x00000000005B0000-0x00000000005D2000-memory.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 1116-58-0x00000000005B0000-0x00000000005D2000-memory.dll
Size: 136KB
MD5: 9a46ab8b6c25eac0b3457613a4d2806d
SHA1: 9f94b196bef495744772b234b7cd7435f4aa2d63
SHA256: 19bfb4760ab745ef88c65a209504ebb8787a03f93456d4c21da3cf6e4642d91c
SHA512: 6455edb20eaeb5fe607be8ae25115a9e7e3cb1826f6eac1943f26f285f2f5128b9bb7eeb69847da429d7d8a6881985c02c8798380a02a69eed5c0c96d08b35fb
SSDEEP: 3072:uHc6WPn5YB2L9KRRcGUM/AdJJbd7ITBfVfcaFA+:8en5YB2LURRcG1IdJJd7ITBt0I5
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 828 wrote to memory of 1972 | 828 | rundll32.exe | rundll32.exe
PID 828 wrote to memory of 1972 | 828 | rundll32.exe | rundll32.exe
PID 828 wrote to memory of 1972 | 828 | rundll32.exe | rundll32.exe
PID 828 wrote to memory of 1972 | 828 | rundll32.exe | rundll32.exe
PID 828 wrote to memory of 1972 | 828 | rundll32.exe | rundll32.exe
PID 828 wrote to memory of 1972 | 828 | rundll32.exe | rundll32.exe
PID 828 wrote to memory of 1972 | 828 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\1116-58-0x00000000005B0000-0x00000000005D2000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\1116-58-0x00000000005B0000-0x00000000005D2000-memory.dll,#12