Analysis
max time kernel: 45s
max time network: 49s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 14-09-2022 14:47
Behavioral task: behavioral1
Sample: 948-59-0x0000000000230000-0x00000000002B0000-memory.dll
Resource: win7-20220901-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 948-59-0x0000000000230000-0x00000000002B0000-memory.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 948-59-0x0000000000230000-0x00000000002B0000-memory.dll
Size: 512KB
MD5: f9865f02f41b45d9669b5f0c944d13ef
SHA1: 052e8922e3ea922d21bf1aa969fd9201d4e4bf2a
SHA256: f53dc46cee16a83c9af73ef349e38a625d14c4f9763eef9f5b146e59847c34b6
SHA512: 904aee9531e7c1e0d6a881738bb0f03cacc1dfdfc956668b59a3cd9514f61f1180a8b63472b363d1e6b0cfb1800df7089bdd434eac0159ee42c281d658796d51
SSDEEP: 12288:0RlddJulJ9doT/e1J9doT/eARlddJulJ9doT/eZ:0RlJkWT/IWT/jRlJkWT/8
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                       pid   process       target process
PID 1204 wrote to memory of 1196  1204  rundll32.exe  rundll32.exe
PID 1204 wrote to memory of 1196  1204  rundll32.exe  rundll32.exe
PID 1204 wrote to memory of 1196  1204  rundll32.exe  rundll32.exe
PID 1204 wrote to memory of 1196  1204  rundll32.exe  rundll32.exe
PID 1204 wrote to memory of 1196  1204  rundll32.exe  rundll32.exe
PID 1204 wrote to memory of 1196  1204  rundll32.exe  rundll32.exe
PID 1204 wrote to memory of 1196  1204  rundll32.exe  rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-59-0x0000000000230000-0x00000000002B0000-memory.dll,#1
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\948-59-0x0000000000230000-0x00000000002B0000-memory.dll,#1