Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 14-09-2022 12:32
Behavioral task: behavioral1
Sample: 904-57-0x0000000000180000-0x00000000001A2000-memory.dll
Resource: win7-20220812-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 904-57-0x0000000000180000-0x00000000001A2000-memory.dll
Resource: win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 904-57-0x0000000000180000-0x00000000001A2000-memory.dll
Size: 136KB
MD5: a1bd173c7a5e61543ab4ce0e29394f31
SHA1: c66bf9683250212853e48b73f523c68817cf31a0
SHA256: 7f972efa3c8fc3b1ad0fefb05e975545ce96562ef4ef44509ab55154f1208cac
SHA512: c1f64190f9982804be658c7b9198b92d2b647a004c8fda76350405ceb947d53ecaa4356b267fc0a45cfeafacd412c301dd0bdd2ad820586f846d33ef67e7eb13
SSDEEP: 3072:wWQjdPaBKjZAOcA/sJ8IDVvRTBfpCeJ5:XQJCgjZ55kJ7DRRTBBZJ
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 1684 wrote to memory of 368    1684   rundll32.exe   rundll32.exe
PID 1684 wrote to memory of 368    1684   rundll32.exe   rundll32.exe
PID 1684 wrote to memory of 368    1684   rundll32.exe   rundll32.exe
PID 1684 wrote to memory of 368    1684   rundll32.exe   rundll32.exe
PID 1684 wrote to memory of 368    1684   rundll32.exe   rundll32.exe
PID 1684 wrote to memory of 368    1684   rundll32.exe   rundll32.exe
PID 1684 wrote to memory of 368    1684   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\904-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\904-57-0x0000000000180000-0x00000000001A2000-memory.dll,#1