Analysis
-
max time kernel
46s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
04/12/2022, 00:20
Static task
static1
Behavioral task
behavioral1
Sample
996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll
Resource
win7-20221111-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll
Resource
win10v2004-20221111-en
1 signatures
150 seconds
General
-
Target
996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll
-
Size
4KB
-
MD5
74085d366c5e1891f4930f3cee65b540
-
SHA1
2bb62790e31d3f1ba9941a04ec165d803d36737c
-
SHA256
996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764
-
SHA512
f033ad00777569878b60cc57136048c84b963235da6c1193f0a2bb0da85ea818a0415168a0bfae5b4a761fa1ff1705e3f0a7d5a8bc364651d1e9eccbe92109c0
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description                        pid  Process       procid_target
PID 308 wrote to memory of 1040    308  rundll32.exe  28
PID 308 wrote to memory of 1040    308  rundll32.exe  28
PID 308 wrote to memory of 1040    308  rundll32.exe  28
PID 308 wrote to memory of 1040    308  rundll32.exe  28
PID 308 wrote to memory of 1040    308  rundll32.exe  28
PID 308 wrote to memory of 1040    308  rundll32.exe  28
PID 308 wrote to memory of 1040    308  rundll32.exe  28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:308 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\996686e3fd252d9c750de3682bdf1a13f1b1f6e1084a1f48976d794cfb49c764.dll,#12⤵
PID:1040
-