Analysis
max time kernel: 41s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 09-12-2022 10:27
Behavioral task: behavioral1
Sample: 1252-56-0x0000000010000000-0x0000000010B6B000-memory.dll
Resource: win7-20220812-en, windows7-x64
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 1252-56-0x0000000010000000-0x0000000010B6B000-memory.dll
Resource: win10v2004-20220812-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 1252-56-0x0000000010000000-0x0000000010B6B000-memory.dll
Size: 11.4MB
MD5: edf9f0111a501bebb57abfc0830ad0c9
SHA1: 12ac68f512ef17c6737da7306c91d13b9ec5636a
SHA256: 1347ba1bca8a62397a91cf71b9f640b817772e8f2ce3a7d0ae88136ee774c904
SHA512: 61adce14bc496288aca15487dd674fa1cf3030d33e92d167d6723020bc01cbdf0be9d3222084fc2d3504a2af5f4d0d828e93398cad159f5b624540e6d3e2eb9b
SSDEEP: 196608:XGGb+HxmVUtsQrcAnh7VrVMf3ksPqmzcl+LG314Hujb7KgkYCbGNBmHTE:XG++RPwQ7BMfUON+2HBb
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                       pid   process       target process
PID 1336 wrote to memory of 1176  1336  rundll32.exe  rundll32.exe
PID 1336 wrote to memory of 1176  1336  rundll32.exe  rundll32.exe
PID 1336 wrote to memory of 1176  1336  rundll32.exe  rundll32.exe
PID 1336 wrote to memory of 1176  1336  rundll32.exe  rundll32.exe
PID 1336 wrote to memory of 1176  1336  rundll32.exe  rundll32.exe
PID 1336 wrote to memory of 1176  1336  rundll32.exe  rundll32.exe
PID 1336 wrote to memory of 1176  1336  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1252-56-0x0000000010000000-0x0000000010B6B000-memory.dll,#1
- Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1252-56-0x0000000010000000-0x0000000010B6B000-memory.dll,#1