Analysis
max time kernel: 250s
max time network: 301s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/11/2022, 15:05
Static task: static1

Behavioral task: behavioral1
Sample: ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll
Resource: win7-20220901-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll
Resource: win10v2004-20221111-en
1 signatures
150 seconds
General
Target: ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll
Size: 3KB
MD5: cb05f13ba65c5359e654e27dff8edd9b
SHA1: b78a695f911f0447f6ab2d85e413aeb71a046686
SHA256: ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c
SHA512: 65631e646403e9031a536b77c844fb4fdb523bcae095d3ab43e5bf195ad112d8397fbc12e8fbfc948241da88938294e159b83621bea8d37f6003f7c21bc8d6c9
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description                         pid    Process        procid_target
PID 4860 wrote to memory of 2040    4860   rundll32.exe   80
PID 4860 wrote to memory of 2040    4860   rundll32.exe   80
PID 4860 wrote to memory of 2040    4860   rundll32.exe   80
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll,#11
- Suspicious use of WriteProcessMemory
PID:4860

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ec906bddecccdb194377cfe7f716e199c1259a98d974822ccc96213cb19eb87c.dll,#12
PID:2040