Analysis
max time kernel: 21s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 25-11-2022 19:42
Static task: static1

Behavioral task: behavioral1
Sample: 60f9629977d0077eeec2ae31a065468f14b9f715fbc9681306cbbc0ea46aaa0d.dll
Resource: win7-20220812-en (windows7-x64)
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 60f9629977d0077eeec2ae31a065468f14b9f715fbc9681306cbbc0ea46aaa0d.dll
Resource: win10v2004-20220812-en (windows10-2004-x64)
1 signatures
150 seconds
General
Target: 60f9629977d0077eeec2ae31a065468f14b9f715fbc9681306cbbc0ea46aaa0d.dll
Size: 3KB
MD5: bb6880660c6fa38ab4e2a88d0e784157
SHA1: fcc35f6d288fd88fe1751e030cc72de2cd8a5d73
SHA256: 60f9629977d0077eeec2ae31a065468f14b9f715fbc9681306cbbc0ea46aaa0d
SHA512: 6fa6c49fcfea58a6f407c208277c7645ada900474bae13b55fc86619c612c5a325bb0ef143bc9ce15088f0d5d2bcda31f6494d6104d569c251518b1488b6bc61
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (11 IoCs)
Processes: rundll32.exe, rundll32.exe

description                        pid   process       target process
PID 1952 wrote to memory of 1948   1952  rundll32.exe  rundll32.exe
PID 1952 wrote to memory of 1948   1952  rundll32.exe  rundll32.exe
PID 1952 wrote to memory of 1948   1952  rundll32.exe  rundll32.exe
PID 1952 wrote to memory of 1948   1952  rundll32.exe  rundll32.exe
PID 1952 wrote to memory of 1948   1952  rundll32.exe  rundll32.exe
PID 1952 wrote to memory of 1948   1952  rundll32.exe  rundll32.exe
PID 1952 wrote to memory of 1948   1952  rundll32.exe  rundll32.exe
PID 1948 wrote to memory of 1420   1948  rundll32.exe  wscript.exe
PID 1948 wrote to memory of 1420   1948  rundll32.exe  wscript.exe
PID 1948 wrote to memory of 1420   1948  rundll32.exe  wscript.exe
PID 1948 wrote to memory of 1420   1948  rundll32.exe  wscript.exe
Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60f9629977d0077eeec2ae31a065468f14b9f715fbc9681306cbbc0ea46aaa0d.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1952

    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\60f9629977d0077eeec2ae31a065468f14b9f715fbc9681306cbbc0ea46aaa0d.dll,#1
    - Suspicious use of WriteProcessMemory
    PID: 1948

        C:\Windows\SysWOW64\wscript.exe
        wscript.exe //B s.js
        PID: 1420