Analysis
max time kernel
227s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted
09-12-2022 10:11
Behavioral task
behavioral1
Sample
1900-142-0x0000000010000000-0x0000000010B6B000-memory.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1900-142-0x0000000010000000-0x0000000010B6B000-memory.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
1900-142-0x0000000010000000-0x0000000010B6B000-memory.dll
Size
2.1MB
MD5
20d3611f21cee0d135b9c51db871a2bd
SHA1
469f0b2604612c69fc16b8efd6b24dd14037062c
SHA256
3b49d0793af0356c5fac9688a4ff3e15e8fd04537236ad48e9d75227a08b9768
SHA512
2a00ea73d34b6e707ea3453ed7b5841f23d985f39fe53d5a1b709d50205bfde3bb5ac76a6feff369e8fe6f2dc1ab68d722c5afb44f2e8b33cb91081bb39c0716
SSDEEP
49152:hF60mvOjpWKI5lEpYTqETr7Rd/tLyJe6OoY3lHt0UwIY:hF60mvGboLqGd/Be9OoY3MUwp
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 580 wrote to memory of 1868 | 580 | rundll32.exe | rundll32.exe
PID 580 wrote to memory of 1868 | 580 | rundll32.exe | rundll32.exe
PID 580 wrote to memory of 1868 | 580 | rundll32.exe | rundll32.exe
PID 580 wrote to memory of 1868 | 580 | rundll32.exe | rundll32.exe
PID 580 wrote to memory of 1868 | 580 | rundll32.exe | rundll32.exe
PID 580 wrote to memory of 1868 | 580 | rundll32.exe | rundll32.exe
PID 580 wrote to memory of 1868 | 580 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900-142-0x0000000010000000-0x0000000010B6B000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900-142-0x0000000010000000-0x0000000010B6B000-memory.dll,#12