Analysis
max time kernel: 38s
max time network: 41s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 14-09-2022 14:43
Behavioral task
behavioral1
Sample
948-57-0x0000000000240000-0x0000000000262000-memory.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
948-57-0x0000000000240000-0x0000000000262000-memory.dll
Resource
win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 948-57-0x0000000000240000-0x0000000000262000-memory.dll
Size: 136KB
MD5: 0dedd08d538d624130a566b306481bf1
SHA1: cce955f6212aac9f9a3ae774014bdb31156d98fc
SHA256: 973a796d303982c392361327d61938a798bbcc7d18d1eeeefd9660003f953194
SHA512: d7a73b3020302c32089d5efcf625ae785089c4924436ee2d6d37f650e139f3aff3f54a3fb38ad7298b60ef1e1b7b0cf2e004df95dba4151a9c29a5ceda4faea1
SSDEEP: 3072:anv39P5nOs6KddJHOQAjJaQLdoTBfJkIaFAi:YN5nOjKddJuljJ9LdoTBh7Il
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                       pid    process        target process
PID 1612 wrote to memory of 788   1612   rundll32.exe   rundll32.exe
PID 1612 wrote to memory of 788   1612   rundll32.exe   rundll32.exe
PID 1612 wrote to memory of 788   1612   rundll32.exe   rundll32.exe
PID 1612 wrote to memory of 788   1612   rundll32.exe   rundll32.exe
PID 1612 wrote to memory of 788   1612   rundll32.exe   rundll32.exe
PID 1612 wrote to memory of 788   1612   rundll32.exe   rundll32.exe
PID 1612 wrote to memory of 788   1612   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-57-0x0000000000240000-0x0000000000262000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-57-0x0000000000240000-0x0000000000262000-memory.dll,#12