Analysis
- max time kernel: 37s
- max time network: 41s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 06/12/2022, 20:41
Behavioral task behavioral1
- Sample: e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a.dll
- Resource: win7-20220812-en
- 1 signatures
- 150 seconds
Behavioral task behavioral2
- Sample: e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a.dll
- Resource: win10v2004-20220812-en
- 1 signatures
- 150 seconds
General
- Target: e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a.dll
- Size: 78KB
- MD5: 6b2ae6ac4d27eb6bc5576e9841eb85c0
- SHA1: f68bdf4a9862068427e302442d4d0517e92d1467
- SHA256: e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a
- SHA512: 30d0b36248cc33608f6a0c2d0efa9f3fe70b90a94100e81df4de72fefe54b4f00622d76f360076d27b45fce948e672f3ae1d62d4c715807dd3a6b832e86897d2
- SSDEEP: 1536:HKvv9jeCw6l9n+Eu2Sop32Qx43Qtu5Kxy6KP4S7k78h75OqCH2f:TSHu2Skx43QtiKQ6IV7kwh75OqCC
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1384 wrote to memory of 684 | 1384 | rundll32.exe | 27 |
| PID 1384 wrote to memory of 684 | 1384 | rundll32.exe | 27 |
| PID 1384 wrote to memory of 684 | 1384 | rundll32.exe | 27 |
| PID 1384 wrote to memory of 684 | 1384 | rundll32.exe | 27 |
| PID 1384 wrote to memory of 684 | 1384 | rundll32.exe | 27 |
| PID 1384 wrote to memory of 684 | 1384 | rundll32.exe | 27 |
| PID 1384 wrote to memory of 684 | 1384 | rundll32.exe | 27 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1384
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9d78f593b6bfbd15ac5b50c78647b39305828379292a9d4b76d2a52380b5b9a.dll,#1
    PID: 684