Analysis
-
max time kernel
40s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
23-11-2022 17:04
Static task
static1
Behavioral task
behavioral1
Sample
492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54.dll
-
Size
3KB
-
MD5
3760ec2244f60eab502ecea56a5d3983
-
SHA1
3f9ec576d1b6438cf15f95713290af5fc375c802
-
SHA256
492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54
-
SHA512
42898e5b184b90d69a94bde5fd273f25a982c2ec4284d7891895264afda0a79824a8e91eebd972053e1feecf3c8a91d39d4eef00e40977f52ca8cbbab81755f3
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                       pid   process       target process
PID 1676 wrote to memory of 1380  1676  rundll32.exe  rundll32.exe
PID 1676 wrote to memory of 1380  1676  rundll32.exe  rundll32.exe
PID 1676 wrote to memory of 1380  1676  rundll32.exe  rundll32.exe
PID 1676 wrote to memory of 1380  1676  rundll32.exe  rundll32.exe
PID 1676 wrote to memory of 1380  1676  rundll32.exe  rundll32.exe
PID 1676 wrote to memory of 1380  1676  rundll32.exe  rundll32.exe
PID 1676 wrote to memory of 1380  1676  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54.dll,#12⤵