Analysis
- max time kernel: 4s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 04/12/2022, 00:43
Behavioral task: behavioral1
- Sample: ea0daf0bba3f1f4faa4e15859b73fc7b3c7ab210ffe94df0ea5227e4998df812.dll
- Resource: win7-20221111-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: ea0daf0bba3f1f4faa4e15859b73fc7b3c7ab210ffe94df0ea5227e4998df812.dll
- Resource: win10v2004-20221111-en
- 1 signatures
- 150 seconds
General
- Target: ea0daf0bba3f1f4faa4e15859b73fc7b3c7ab210ffe94df0ea5227e4998df812.dll
- Size: 59KB
- MD5: 643da917d61a01869233f419480ccd50
- SHA1: ed39ac84d971515a0336f41f1cf1b3d95851db70
- SHA256: ea0daf0bba3f1f4faa4e15859b73fc7b3c7ab210ffe94df0ea5227e4998df812
- SHA512: 0855444514c20dea4df37112c1fab5f4656b5af53f3f14aee77b323f646f7b1fd88fd164305c9b78199742f2c40cd03b69976836665b1dac0353de1a3f047598
- SSDEEP: 1536:1zExMwCGQ2jcZiUbL5ESdFFXZ+ABOZCGG+HxvZGzs+/Tx:1I+wCGvQZjXG0+5ZC8Hxv5+bx
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

description | pid | Process | procid_target
PID 1780 wrote to memory of 1484 | 1780 | rundll32.exe | 28
PID 1780 wrote to memory of 1484 | 1780 | rundll32.exe | 28
PID 1780 wrote to memory of 1484 | 1780 | rundll32.exe | 28
PID 1780 wrote to memory of 1484 | 1780 | rundll32.exe | 28
PID 1780 wrote to memory of 1484 | 1780 | rundll32.exe | 28
PID 1780 wrote to memory of 1484 | 1780 | rundll32.exe | 28
PID 1780 wrote to memory of 1484 | 1780 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea0daf0bba3f1f4faa4e15859b73fc7b3c7ab210ffe94df0ea5227e4998df812.dll,#1
  PID: 1780
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea0daf0bba3f1f4faa4e15859b73fc7b3c7ab210ffe94df0ea5227e4998df812.dll,#1
    PID: 1484