Analysis
max time kernel: 16s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 03/12/2022, 23:20
Static task: static1
Behavioral task: behavioral1
Sample: 1416ddc33012bc3f78a3e4cd57257058d47165f74e9360659f0c1e0ff17063b1.dll
Resource: win7-20220812-en
1 signatures, 150 seconds
Behavioral task: behavioral2
Sample: 1416ddc33012bc3f78a3e4cd57257058d47165f74e9360659f0c1e0ff17063b1.dll
Resource: win10v2004-20221111-en
1 signatures, 150 seconds
General
Target: 1416ddc33012bc3f78a3e4cd57257058d47165f74e9360659f0c1e0ff17063b1.dll
Size: 5KB
MD5: eb990d75182bbd843f9ba083f3678610
SHA1: da14705235d1503e7eade7d9c63da7b5c2469537
SHA256: 1416ddc33012bc3f78a3e4cd57257058d47165f74e9360659f0c1e0ff17063b1
SHA512: 1083790c081935645e2b0206664c076c45bafab6f036147237967da2a10417c345c25f484bce043f447d577ebc9648d87ce25939bee268ab7a40bbbc506c3a43
SSDEEP: 96:XprYDpKnI6wJ+Ls7guyHejyn/I9l0iairWf:XUcA+ggd+W/If0iVg
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1240 wrote to memory of 1720 | 1240 | rundll32.exe | 28
PID 1240 wrote to memory of 1720 | 1240 | rundll32.exe | 28
PID 1240 wrote to memory of 1720 | 1240 | rundll32.exe | 28
PID 1240 wrote to memory of 1720 | 1240 | rundll32.exe | 28
PID 1240 wrote to memory of 1720 | 1240 | rundll32.exe | 28
PID 1240 wrote to memory of 1720 | 1240 | rundll32.exe | 28
PID 1240 wrote to memory of 1720 | 1240 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416ddc33012bc3f78a3e4cd57257058d47165f74e9360659f0c1e0ff17063b1.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1240
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416ddc33012bc3f78a3e4cd57257058d47165f74e9360659f0c1e0ff17063b1.dll,#1
PID: 1720