Analysis
max time kernel: 139s
max time network: 177s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-12-2022 23:33
Static task
static1
Behavioral task
behavioral1
Sample
d6f609073da2fad433fd07a04caf3af84264b9295212d393b1213628650e4960.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
d6f609073da2fad433fd07a04caf3af84264b9295212d393b1213628650e4960.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: d6f609073da2fad433fd07a04caf3af84264b9295212d393b1213628650e4960.dll
Size: 3KB
MD5: 1dd9a8016a803d59fa6a77baa0a16c10
SHA1: 1e32307c86c2572959d93888366b1b370e19e521
SHA256: d6f609073da2fad433fd07a04caf3af84264b9295212d393b1213628650e4960
SHA512: bc74a381298d7c6add372983faf8d8107be7274ab63739866e31145b7a3e27182c1f70f581da2d65a4d2f91651fed167a9476c1f7601449afdf895527c4c2a12
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2612 wrote to memory of 1920 | 2612 | rundll32.exe | 80
PID 2612 wrote to memory of 1920 | 2612 | rundll32.exe | 80
PID 2612 wrote to memory of 1920 | 2612 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6f609073da2fad433fd07a04caf3af84264b9295212d393b1213628650e4960.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2612
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6f609073da2fad433fd07a04caf3af84264b9295212d393b1213628650e4960.dll,#12⤵
PID:1920