Analysis
max time kernel: 63s
max time network: 31s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 26-11-2022 04:37
Behavioral task: behavioral1
Sample: 1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll
Resource: win7-20221111-en, windows7-x64
1 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
1 signatures, 150 seconds
General
Target: 1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll
Size: 6.4MB
MD5: 8443edeb5f6c8d850271bcbecce07268
SHA1: 59ddee885fe26cdf2a861b0fb2f311fdcdd5ebbc
SHA256: 8b28c1435ba73ae861b9181496ed8d4818231181f39e2d449ee16e00252ba492
SHA512: 29c504070f8c476567fefc165bb40c9acad116ba6c354f5b71c5250358e48a7ce5fb85217f6303ff2d9f893077c8cee68abe1da0ef1416f7aa3a2a5c1feb794e
SSDEEP: 98304:7fxUmSHqb9IyyJFQ4Ql67EUWbSuakEs7H7AY8vjVSPe:7fSmSUaQbVakJ/j8N
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 2008 wrote to memory of 1444   2008   rundll32.exe   rundll32.exe
PID 2008 wrote to memory of 1444   2008   rundll32.exe   rundll32.exe
PID 2008 wrote to memory of 1444   2008   rundll32.exe   rundll32.exe
PID 2008 wrote to memory of 1444   2008   rundll32.exe   rundll32.exe
PID 2008 wrote to memory of 1444   2008   rundll32.exe   rundll32.exe
PID 2008 wrote to memory of 1444   2008   rundll32.exe   rundll32.exe
PID 2008 wrote to memory of 1444   2008   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1536-57-0x00000000028C0000-0x0000000002F22000-memory.dll,#1