Analysis
max time kernel: 42s
max time network: 48s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 29-11-2022 05:46
Static task: static1
Behavioral task: behavioral1
Sample: 776f7a72dc738ee7b3c1365f159bb72e015b628c530e6591d532397ea8e4aa71.dll
Resource: win7-20220901-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 776f7a72dc738ee7b3c1365f159bb72e015b628c530e6591d532397ea8e4aa71.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 776f7a72dc738ee7b3c1365f159bb72e015b628c530e6591d532397ea8e4aa71.dll
Size: 4KB
MD5: 4a96e9d36ac5e1fa8ad1b0c08961e880
SHA1: b8d3509a9d5db86549d91e5ab67c47a11195041c
SHA256: 776f7a72dc738ee7b3c1365f159bb72e015b628c530e6591d532397ea8e4aa71
SHA512: 117d295a19e9cb96e8f08353f844bca90a1a536215ed1729cf63c5b793098f657816368bdf18417a42a5236082e5678cca96c7941c44211b2e34a7ffad7b66ee
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                         pid    Process        procid_target
PID 2032 wrote to memory of 1128    2032   rundll32.exe   26
PID 2032 wrote to memory of 1128    2032   rundll32.exe   26
PID 2032 wrote to memory of 1128    2032   rundll32.exe   26
PID 2032 wrote to memory of 1128    2032   rundll32.exe   26
PID 2032 wrote to memory of 1128    2032   rundll32.exe   26
PID 2032 wrote to memory of 1128    2032   rundll32.exe   26
PID 2032 wrote to memory of 1128    2032   rundll32.exe   26
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\776f7a72dc738ee7b3c1365f159bb72e015b628c530e6591d532397ea8e4aa71.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID: 2032
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\776f7a72dc738ee7b3c1365f159bb72e015b628c530e6591d532397ea8e4aa71.dll,#12⤵
PID: 1128