Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
21/11/2022, 14:45
Static task
static1
Behavioral task
behavioral1
Sample
8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll
Resource
win10v2004-20221111-en
1 signatures
150 seconds
General
-
Target
8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll
-
Size
3KB
-
MD5
3055af844fa2dd26f4c416ada73e3f50
-
SHA1
5bc34e074f952c8d48737ef7b8c461c086a54c13
-
SHA256
8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98
-
SHA512
e34d3f4259e690ad7dc50a29e8086e707e03937597787c46ff4083fb19a4bdbc975853d20a23a6294118840d8799e15ebb1ad72f551e166b9b93cf88fc38c400
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description                         pid    Process        procid_target
PID 1636 wrote to memory of 1956    1636   rundll32.exe   28
PID 1636 wrote to memory of 1956    1636   rundll32.exe   28
PID 1636 wrote to memory of 1956    1636   rundll32.exe   28
PID 1636 wrote to memory of 1956    1636   rundll32.exe   28
PID 1636 wrote to memory of 1956    1636   rundll32.exe   28
PID 1636 wrote to memory of 1956    1636   rundll32.exe   28
PID 1636 wrote to memory of 1956    1636   rundll32.exe   28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1636 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll,#12⤵PID:1956
-