Analysis
max time kernel: 15s
max time network: 35s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 23-11-2022 15:58
Static task
static1
Behavioral task
behavioral1
Sample
0f8560cc3d3fed15dbe0c4eeadcc57ded3c07ac5778457af7543e7b0d471bb8b.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
0f8560cc3d3fed15dbe0c4eeadcc57ded3c07ac5778457af7543e7b0d471bb8b.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 0f8560cc3d3fed15dbe0c4eeadcc57ded3c07ac5778457af7543e7b0d471bb8b.dll
Size: 3KB
MD5: 455a8927f612ba7c36c52b0b0843cbb0
SHA1: 85ffef5196d800522c2e1fa6826df56e0c746106
SHA256: 0f8560cc3d3fed15dbe0c4eeadcc57ded3c07ac5778457af7543e7b0d471bb8b
SHA512: 31ba684649d7cf09624384031e0c60dc8354458ad02461f1344297a100f91272c082a425f8007a06e004066e6578060dc6b83ba1b373e3bc1d0a2114cf4fc7dd
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1368 wrote to memory of 1740 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 1740 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 1740 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 1740 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 1740 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 1740 | 1368 | rundll32.exe | rundll32.exe
PID 1368 wrote to memory of 1740 | 1368 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f8560cc3d3fed15dbe0c4eeadcc57ded3c07ac5778457af7543e7b0d471bb8b.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f8560cc3d3fed15dbe0c4eeadcc57ded3c07ac5778457af7543e7b0d471bb8b.dll,#12