Analysis
max time kernel: 40s
max time network: 44s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29/11/2022, 05:23
Static task
static1
Behavioral task
behavioral1
Sample
16471abb351b469bcbadb191291dff0a1b2f722c8ea2672de38bc34478f544da.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
16471abb351b469bcbadb191291dff0a1b2f722c8ea2672de38bc34478f544da.dll
Resource
win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 16471abb351b469bcbadb191291dff0a1b2f722c8ea2672de38bc34478f544da.dll
Size: 3KB
MD5: 7d40896ab052f81fd88cf72ed6a90e30
SHA1: 92e447c61f6aa070b9cb1ede267bc524eab0cc4c
SHA256: 16471abb351b469bcbadb191291dff0a1b2f722c8ea2672de38bc34478f544da
SHA512: 1c4bc79240d80db628dca0915f4d6faced2f3bdd84ec2620155d16ffaf3d73cdec05683471d02a0982662e5ef3d370a6d04821237c50cf68af7161031f6cd925
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 7 IoCs
  description | pid | Process | procid_target
  PID 1132 wrote to memory of 1172 | 1132 | rundll32.exe | 27
  PID 1132 wrote to memory of 1172 | 1132 | rundll32.exe | 27
  PID 1132 wrote to memory of 1172 | 1132 | rundll32.exe | 27
  PID 1132 wrote to memory of 1172 | 1132 | rundll32.exe | 27
  PID 1132 wrote to memory of 1172 | 1132 | rundll32.exe | 27
  PID 1132 wrote to memory of 1172 | 1132 | rundll32.exe | 27
  PID 1132 wrote to memory of 1172 | 1132 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\16471abb351b469bcbadb191291dff0a1b2f722c8ea2672de38bc34478f544da.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1132
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\16471abb351b469bcbadb191291dff0a1b2f722c8ea2672de38bc34478f544da.dll,#12⤵
    PID:1172