Analysis
- max time kernel: 41s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 02/10/2022, 23:00
Behavioral task: behavioral1
- Sample: 0b178cc6f7455183b4851c7cb1b59823fad83733e430d5fcaf507960e4b8ee3d.dll
- Resource: win7-20220812-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 0b178cc6f7455183b4851c7cb1b59823fad83733e430d5fcaf507960e4b8ee3d.dll
- Resource: win10v2004-20220812-en
- 1 signatures
- 150 seconds
General
- Target: 0b178cc6f7455183b4851c7cb1b59823fad83733e430d5fcaf507960e4b8ee3d.dll
- Size: 53KB
- MD5: 0aa22d49bc66ab6b7f74777045cc5a10
- SHA1: 50ff7fe64c7b27deb78015836985d38bedc4ff87
- SHA256: 0b178cc6f7455183b4851c7cb1b59823fad83733e430d5fcaf507960e4b8ee3d
- SHA512: 15c0d6de6b77ba11a970c8fcb778d56dce87d3c44116f18d96208ddc08c4ed9825d7ca5e2df4ad1da22e3f86c0271bfea555cf2ff7023554a9aa6462a8a8240a
- SSDEEP: 768:z3OHS8KOzAV97gepBKzJMrs1+qXuy99XN2W7G/rzZGmx/pBRYAAdsaJ+VJHWZd:yHZEV904BKSsKOXMz9pnYpiHyd
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 968 wrote to memory of 1568 | 968 | rundll32.exe | 27
PID 968 wrote to memory of 1568 | 968 | rundll32.exe | 27
PID 968 wrote to memory of 1568 | 968 | rundll32.exe | 27
PID 968 wrote to memory of 1568 | 968 | rundll32.exe | 27
PID 968 wrote to memory of 1568 | 968 | rundll32.exe | 27
PID 968 wrote to memory of 1568 | 968 | rundll32.exe | 27
PID 968 wrote to memory of 1568 | 968 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe (process tree level 1, PID: 968)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b178cc6f7455183b4851c7cb1b59823fad83733e430d5fcaf507960e4b8ee3d.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (process tree level 2, PID: 1568)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b178cc6f7455183b4851c7cb1b59823fad83733e430d5fcaf507960e4b8ee3d.dll,#1