Analysis
max time kernel: 40s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 03/12/2022, 22:42
Static task: static1

Behavioral task: behavioral1
Sample: 9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll
Resource: win7-20221111-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll
Resource: win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll
Size: 4KB
MD5: ea35f854ca8a4588b63fc3157fb00d00
SHA1: b4a6a9effda93834a493107b033f9b78e4e5d1aa
SHA256: 9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f
SHA512: 1acaeadd8e46dfd70f1ed67c7bc5059a9b1164a14b8f63b4f7202aa3f326dabbafe0dd87e88304d22ea757e484ef49fbcb220e52f27b90f1fb45b6441977f804
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2036 wrote to memory of 1972 | 2036 | rundll32.exe | 28
PID 2036 wrote to memory of 1972 | 2036 | rundll32.exe | 28
PID 2036 wrote to memory of 1972 | 2036 | rundll32.exe | 28
PID 2036 wrote to memory of 1972 | 2036 | rundll32.exe | 28
PID 2036 wrote to memory of 1972 | 2036 | rundll32.exe | 28
PID 2036 wrote to memory of 1972 | 2036 | rundll32.exe | 28
PID 2036 wrote to memory of 1972 | 2036 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll,#1
Suspicious use of WriteProcessMemory
PID: 2036
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll,#1
    PID: 1972