Analysis
max time kernel: 43s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 14-09-2022 12:33
Behavioral task: behavioral1
Sample: 1188-57-0x00000000001C0000-0x00000000001E2000-memory.dll
Resource: win7-20220812-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 1188-57-0x00000000001C0000-0x00000000001E2000-memory.dll
Resource: win10v2004-20220901-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 1188-57-0x00000000001C0000-0x00000000001E2000-memory.dll
Size: 136KB
MD5:
b04332066f402ae5cf346323f16d58f4
SHA1:
9a76f1be665bdd1375444e466274f0ade8e35a61
SHA256:
ab3e13c1e507e4f5f5fd6ae2b401b71cb04ce51893b3f0673a08c8b719618ac2
SHA512:
c351e7ed95aa97f2ef202fec7a3725913a30abf270c40a7ea4a14c99fc9d09de9f09a7d1f4be54f6bf19d2fb4f6bfb482f5478b32afbc9e43d87b5799a899ee9
SSDEEP:
1536:k6aE1pQ6Z4UC5OGna2VgG1D8ABoBAbjEJ9iMm06BHIOZnToIfpV8egrzMf:k6adbnacj1D8eIAEJIMrYpxTBfpee5f
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1884 wrote to memory of 1168 | 1884 | rundll32.exe | rundll32.exe
PID 1884 wrote to memory of 1168 | 1884 | rundll32.exe | rundll32.exe
PID 1884 wrote to memory of 1168 | 1884 | rundll32.exe | rundll32.exe
PID 1884 wrote to memory of 1168 | 1884 | rundll32.exe | rundll32.exe
PID 1884 wrote to memory of 1168 | 1884 | rundll32.exe | rundll32.exe
PID 1884 wrote to memory of 1168 | 1884 | rundll32.exe | rundll32.exe
PID 1884 wrote to memory of 1168 | 1884 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1188-57-0x00000000001C0000-0x00000000001E2000-memory.dll,#1
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1188-57-0x00000000001C0000-0x00000000001E2000-memory.dll,#1