Analysis
max time kernel: 10s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 03/12/2022, 18:19
Static task
static1
Behavioral task
behavioral1
Sample
980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8.dll
Resource
win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8.dll
Size: 3KB
MD5: 2e6beea0a908cbbb496fc7c083358770
SHA1: e6dab4d7a3fb8e32e95a286bd58cedf8389c4ef7
SHA256: 980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8
SHA512: bef2337cd1d7030bb4081160325065ff11bebe5e6186537089721d35acdc0a2645259dcb37b3a8d7afafca4f98ebff36215fd9219cf333b62611426b598973d2
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 7 IoCs
description                        pid    Process        procid_target
PID 1948 wrote to memory of 1400   1948   rundll32.exe   28
PID 1948 wrote to memory of 1400   1948   rundll32.exe   28
PID 1948 wrote to memory of 1400   1948   rundll32.exe   28
PID 1948 wrote to memory of 1400   1948   rundll32.exe   28
PID 1948 wrote to memory of 1400   1948   rundll32.exe   28
PID 1948 wrote to memory of 1400   1948   rundll32.exe   28
PID 1948 wrote to memory of 1400   1948   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1948
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\980d08ac0f54c86d7323392a00b63a6cd03d6790afc3806693187fd20ecfaaf8.dll,#12⤵
PID:1400