Analysis
max time kernel: 45s
max time network: 49s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
submitted: 09-09-2022 13:34
Behavioral task: behavioral1
Sample: 1128-57-0x00000000001D0000-0x00000000001F2000-memory.dll
Resource: win7-20220901-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 1128-57-0x00000000001D0000-0x00000000001F2000-memory.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 1128-57-0x00000000001D0000-0x00000000001F2000-memory.dll
Size: 136KB
MD5: ee51524edc5e4d3ba9b0ae9bd0c7764b
SHA1: a523b3272ac3af0495151e8431b6a8c8579e6696
SHA256: 9d0a3ae5ce3137221a1024008c32cf2a55bd5dc2b02f29014643fa71e41a67f3
SHA512: 8fec75c151ca1ac937a28c3547d2c05ad5a11e89fc4c5d69ffa318b537782162ebfaff30694f8a7d966f05131fc31b5daca461adec075276732e37f5bf996ca3
SSDEEP: 3072:afryJRYSh3e3msZAmJZt1h8lTBfZdeuAAA:qyJBh3e3tymJn1alTBxUuA
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1128-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1128-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#12