Analysis
max time kernel
41s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted
23-11-2022 17:02
Static task
static1
Behavioral task
behavioral1
Sample
f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7.dll
Size
3KB
MD5
369ae2d44ddad29298c7fc5c8571cfe9
SHA1
1a184415a54aeb97020db9dd5666212634b62cf7
SHA256
f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7
SHA512
d75bd12c8b65169c271b6172da07c2baef285ce86e961f3a2eecceb2a34a94f1aba5fe3b5d5a5a31c66da02a057727302ef444d03cf51bb7e34c7d71a8053842
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 7 IoCs
Processes:
rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1628 wrote to memory of 572 | 1628 | rundll32.exe | rundll32.exe |
| PID 1628 wrote to memory of 572 | 1628 | rundll32.exe | rundll32.exe |
| PID 1628 wrote to memory of 572 | 1628 | rundll32.exe | rundll32.exe |
| PID 1628 wrote to memory of 572 | 1628 | rundll32.exe | rundll32.exe |
| PID 1628 wrote to memory of 572 | 1628 | rundll32.exe | rundll32.exe |
| PID 1628 wrote to memory of 572 | 1628 | rundll32.exe | rundll32.exe |
| PID 1628 wrote to memory of 572 | 1628 | rundll32.exe | rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1628
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7.dll,#1
  PID: 572