Analysis
max time kernel: 46s
max time network: 50s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 09-09-2022 13:37

Behavioral task: behavioral1
Sample: 2056-139-0x0000000000AD0000-0x0000000000AF2000-memory.dll
Resource: win7-20220901-en (windows7-x64)
1 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 2056-139-0x0000000000AD0000-0x0000000000AF2000-memory.dll
Resource: win10v2004-20220901-en (windows10-2004-x64)
1 signatures, 150 seconds

General
Target: 2056-139-0x0000000000AD0000-0x0000000000AF2000-memory.dll
Size: 136KB
MD5: ac0c8e0da2f97e895009c07f859a269e
SHA1: c613788affcbb8f70517ea1336bf18e51fa7e811
SHA256: 267e79017f594a69f6b7b83198bdccd6cde68851057d7e9dfd6a1a84406e1a98
SHA512: e94824b7b57dd42e4f37cd0550b7cd4c6a7b3f6d73040a1bb1ec5add5e078836e2e9a5565c38662ec52afdfcd6ad05d900676f5dc5ab3a1c1dbc1d4aca3eff99
SSDEEP: 3072:7873wynovR3O2MpAGJJ9V+nFTBfZteNtA:7mgxR3OdiGJHV+nFTBxEN
Score: 1/10

Malware Config

Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                         pid   process       target process
PID 1308 wrote to memory of 1356    1308  rundll32.exe  rundll32.exe
PID 1308 wrote to memory of 1356    1308  rundll32.exe  rundll32.exe
PID 1308 wrote to memory of 1356    1308  rundll32.exe  rundll32.exe
PID 1308 wrote to memory of 1356    1308  rundll32.exe  rundll32.exe
PID 1308 wrote to memory of 1356    1308  rundll32.exe  rundll32.exe
PID 1308 wrote to memory of 1356    1308  rundll32.exe  rundll32.exe
PID 1308 wrote to memory of 1356    1308  rundll32.exe  rundll32.exe

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2056-139-0x0000000000AD0000-0x0000000000AF2000-memory.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2056-139-0x0000000000AD0000-0x0000000000AF2000-memory.dll,#1