Analysis
max time kernel: 63s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 23-11-2022 17:22
Static task: static1

Behavioral task: behavioral1
Sample: 89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6.dll
Resource: win7-20221111-en, windows7-x64
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6.dll
Size: 3KB
MD5: 3568cbf50c7cb003419ae7306a36922f
SHA1: 95c03603518ea8c2ddcdc1834703cc384f723e50
SHA256: 89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6
SHA512: 595f59bc10012c6a03853fac17984bea94a621aa30144053c5338573b55c561148610e2754393a2858d5c0df62424a3c6bb98cf6c01879d35b7864e241fd8db0
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 280 wrote to memory of 436 | 280 | rundll32.exe | rundll32.exe
PID 280 wrote to memory of 436 | 280 | rundll32.exe | rundll32.exe
PID 280 wrote to memory of 436 | 280 | rundll32.exe | rundll32.exe
PID 280 wrote to memory of 436 | 280 | rundll32.exe | rundll32.exe
PID 280 wrote to memory of 436 | 280 | rundll32.exe | rundll32.exe
PID 280 wrote to memory of 436 | 280 | rundll32.exe | rundll32.exe
PID 280 wrote to memory of 436 | 280 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6.dll,#1
- Suspicious use of WriteProcessMemory
PID:280
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6.dll,#1
  PID:436