Analysis
- max time kernel: 43s
- max time network: 137s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 08-09-2022 20:56
Behavioral task
behavioral1
Sample
1916-58-0x00000000002F0000-0x0000000000312000-memory.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1916-58-0x00000000002F0000-0x0000000000312000-memory.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
- Target: 1916-58-0x00000000002F0000-0x0000000000312000-memory.dll
- Size: 136KB
- MD5: 9d8014802ae6ada3b7308c716bf52ea5
- SHA1: 80df5c0570abb541a358c7c30e706989505af406
- SHA256: 9d0c54a0c475c6a3c946d0da56d0501616572402a2c082264118e003ca7d51d4
- SHA512: 9ecbe19e4402ccf6b596c782c44b4b44c67c81668b648c09205ac8a0ff488c456c27ee57db3ea58d56f4b383c84b1bca2b0b013547c24b6ec9a500e9a652f685
- SSDEEP: 1536:fhoq17ux3oB/dC/DMarfLiII+U7zJBA+SU9JNRrD5MIOxnToIfN6SegrzgxK:fhw4aXzI+kjAOJfrtCZTBfNXeVxK
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 832 wrote to memory of 1640 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1640 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1640 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1640 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1640 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1640 | 832 | rundll32.exe | rundll32.exe
PID 832 wrote to memory of 1640 | 832 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1916-58-0x00000000002F0000-0x0000000000312000-memory.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1916-58-0x00000000002F0000-0x0000000000312000-memory.dll,#12⤵