Analysis
max time kernel: 1s
max time network: 35s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 24-11-2022 00:40
Static task
static1
Behavioral task
behavioral1
Sample
8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll
Size: 3KB
MD5: 005106f7588d9e416bb7c66ce3b0a960
SHA1: 6d3428acbeba4725bce8b876662b9a10c0b97fd0
SHA256: 8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec
SHA512: fa80f73426b88200d17071bc235dfa890792e260b150318175cf6c4560f8e725748cfaaac3da19133d2d499ef003fdca46fca9fc774d02ca33023f58b312d169
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1356 wrote to memory of 1052 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1052 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1052 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1052 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1052 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1052 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1052 | 1356 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll,#12