Analysis
max time kernel: 16s
max time network: 35s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 16:52
Static task: static1
Behavioral task: behavioral1
Sample: 20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0.dll
Resource: win7-20221111-en, windows7-x64
1 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0.dll
Resource: win10v2004-20220901-en, windows10-2004-x64
1 signatures, 150 seconds
General
Target: 20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0.dll
Size: 3KB
MD5: 162c1da62a123e22ad53989b75ed749a
SHA1: 1c6c4240893544f785716dd99f3ceb7ff2cf289e
SHA256: 20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0
SHA512: 80a4bec83fbf3a582698468a59ded8008356cebc3082dc1d936ea5de2232917ba91746901630d3a55d5bafd35d1497f1b0deb1b527439cd9bbed8ef24162de47
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1796 wrote to memory of 1552 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1552 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1552 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1552 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1552 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1552 | 1796 | rundll32.exe | rundll32.exe
PID 1796 wrote to memory of 1552 | 1796 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0.dll,#12