Analysis
max time kernel: 47s
max time network: 51s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 13-09-2022 13:19
Behavioral task: behavioral1
Sample: 1960-57-0x0000000000140000-0x0000000000162000-memory.dll
Resource: win7-20220901-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 1960-57-0x0000000000140000-0x0000000000162000-memory.dll
Resource: win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 1960-57-0x0000000000140000-0x0000000000162000-memory.dll
Size: 136KB
MD5: e3a9620044e86095d38cb2eafb8cfdfb
SHA1: 8d0f9d10fb7b863d0e999b4f8cc7d0469c835f20
SHA256: 7b08b5f42954093d6a2342171eb6dc8da6a9d7d3f1d546b4f7c7a3f5345d4aa6
SHA512: 02be5750419b4a7f2e8e9b1c5073b2d103c3f4907a7e92471118176b4bf1488d913bf75819620d8cfd9e12d8431eac368566989e41046f9721e9a0518f6d55bf
SSDEEP: 1536:0Cf1pg43ZwsCJ28qerxgmtszKiSMQhABArbMJNq0ecieIOpnToIfp9cegrzsk:0CmTqETtsxOgAkJA0LVBTBfpWepk
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1960-57-0x0000000000140000-0x0000000000162000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1960-57-0x0000000000140000-0x0000000000162000-memory.dll,#12