Analysis
max time kernel: 43s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 09-09-2022 13:46

Behavioral task: behavioral1
Sample: 820-57-0x0000000000130000-0x0000000000152000-memory.dll
Resource: win7-20220812-en, windows7-x64
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 820-57-0x0000000000130000-0x0000000000152000-memory.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
1 signatures
150 seconds

General
Target: 820-57-0x0000000000130000-0x0000000000152000-memory.dll
Size: 136KB
MD5: a7a59dc2827d6635b533651d81945742
SHA1: 4549ce2e028e4815cd9c39954313af05f1f867a2
SHA256: a81ea22669579f82801519dd2dd7f70293b049eaf9e4812406c0e4fbbd419190
SHA512: e2b8a0183d24e5818622252d584195743d941ca81ad543afc27ecf5d0766d1255f71e8347bb62e5f30c4e4d82b4dab00ac4548d80dfa0e2be18e99fb15a320f6
SSDEEP: 3072:yFAwlNqY4PtpT0uk3A2J7/N2pTBfFbeNPA:6AkkY4PtpT0hw2JjN2pTB9KN
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                        pid   process        target process
PID 768 wrote to memory of 1536    768   rundll32.exe   rundll32.exe
PID 768 wrote to memory of 1536    768   rundll32.exe   rundll32.exe
PID 768 wrote to memory of 1536    768   rundll32.exe   rundll32.exe
PID 768 wrote to memory of 1536    768   rundll32.exe   rundll32.exe
PID 768 wrote to memory of 1536    768   rundll32.exe   rundll32.exe
PID 768 wrote to memory of 1536    768   rundll32.exe   rundll32.exe
PID 768 wrote to memory of 1536    768   rundll32.exe   rundll32.exe

Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\820-57-0x0000000000130000-0x0000000000152000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\820-57-0x0000000000130000-0x0000000000152000-memory.dll,#12