Analysis
max time kernel: 169s
max time network: 177s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted: 02/10/2022, 07:02
Static task
static1
Behavioral task
behavioral1
Sample: 5f9adf8d353195c5c136d7879d564a0822e69e998d7bc2f02fa034d2a37bef64.dll
Resource: win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample: 5f9adf8d353195c5c136d7879d564a0822e69e998d7bc2f02fa034d2a37bef64.dll
Resource: win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 5f9adf8d353195c5c136d7879d564a0822e69e998d7bc2f02fa034d2a37bef64.dll
Size: 3KB
MD5: 65bdd97bec55b2215b10780381c4a070
SHA1: d8c572b5dce032a9a8960a4dedabf271ce7ff138
SHA256: 5f9adf8d353195c5c136d7879d564a0822e69e998d7bc2f02fa034d2a37bef64
SHA512: 168b5528215b05f7a40707288565ba3bb983ea25c9fcd3865c29cd88655a76dbdc1f92057fe9b42584d8c0a2564f6bae0c789cd32ff4241db0db37ef8f7d2338
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3488 wrote to memory of 4952 | 3488 | rundll32.exe | 81
PID 3488 wrote to memory of 4952 | 3488 | rundll32.exe | 81
PID 3488 wrote to memory of 4952 | 3488 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f9adf8d353195c5c136d7879d564a0822e69e998d7bc2f02fa034d2a37bef64.dll,#1
- Suspicious use of WriteProcessMemory
PID:3488
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f9adf8d353195c5c136d7879d564a0822e69e998d7bc2f02fa034d2a37bef64.dll,#1
PID:4952