Analysis
max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
15-09-2022 13:10
Behavioral task
behavioral1
Sample
1168-57-0x0000000000190000-0x00000000001B2000-memory.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1168-57-0x0000000000190000-0x00000000001B2000-memory.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
1168-57-0x0000000000190000-0x00000000001B2000-memory.dll
Size
136KB
MD5
8feba93e211ab79d768e2e5f4d1ef6c2
SHA1
0178a58b28dd99eaedc04fa6cd9150382b5a83df
SHA256
28e082dfa6351c9a26fdea0b8978ab67e2a6f72488dfe3537f0b3e004b8d0772
SHA512
b071269531c8a0eafef0019937dbdef94b19e58efe0acb3d70432f248b628910d5705268262cef901dee7905fd2659a5106d464c7f2baf265fef054692028aaf
SSDEEP
3072:bHQgaOi+EfiOBcnFAshJt5lHdTBfZbel7:jQddfiln2+JvlHdTBxKl
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1368 wrote to memory of 980 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 980 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 980 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 980 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 980 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 980 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 980 | 1368 | rundll32.exe | rundll32.exe
Processes
1
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1168-57-0x0000000000190000-0x00000000001B2000-memory.dll,#1
- Suspicious use of WriteProcessMemory
2
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1168-57-0x0000000000190000-0x00000000001B2000-memory.dll,#1