Analysis
max time kernel: 26s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 02/10/2022, 09:37
Behavioral task: behavioral1
Sample: 0271ab458ff4a693321431897251c48c66104f634b8d565a386c5850b8d78980.dll
Resource: win7-20220812-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 0271ab458ff4a693321431897251c48c66104f634b8d565a386c5850b8d78980.dll
Resource: win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 0271ab458ff4a693321431897251c48c66104f634b8d565a386c5850b8d78980.dll
Size: 96KB
MD5: 0401759ac80ff8f55e6aca139267d20e
SHA1: f5580a45e23e233e89e512befb9e5232dabbcfe8
SHA256: 0271ab458ff4a693321431897251c48c66104f634b8d565a386c5850b8d78980
SHA512: 8f5dde04c1cfce0d6dbd0769ea68adc9f7ad6c68d8e2be1f5de15be94bf9b2a28d0b7f130a3631bf2ffa976594a265c9a14671658cf196990201a008fc98fb98
SSDEEP: 1536:7rOUbmJ/ZS8DDfn+erG46TNNA4jsB/gmKCmH8wFCJUKmt5217/I:FbmhoODfn+eq46ha/1nmH8JOKm6R/I
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                      pid  Process       procid_target
PID 692 wrote to memory of 1668  692  rundll32.exe  27
PID 692 wrote to memory of 1668  692  rundll32.exe  27
PID 692 wrote to memory of 1668  692  rundll32.exe  27
PID 692 wrote to memory of 1668  692  rundll32.exe  27
PID 692 wrote to memory of 1668  692  rundll32.exe  27
PID 692 wrote to memory of 1668  692  rundll32.exe  27
PID 692 wrote to memory of 1668  692  rundll32.exe  27
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0271ab458ff4a693321431897251c48c66104f634b8d565a386c5850b8d78980.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:692
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0271ab458ff4a693321431897251c48c66104f634b8d565a386c5850b8d78980.dll,#12⤵
PID:1668