Analysis
-
max time kernel
38s
-
max time network
41s
-
platform
windows7_x64
-
resource
win7-20220812-en
-
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
-
submitted
25/12/2022, 22:39
Behavioral task
behavioral1
Sample
1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll
Resource
win10v2004-20221111-en
1 signatures
150 seconds
General
-
Target
1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll
-
Size
136KB
-
MD5
f25831342c0c6315ca6c3783d335e534
-
SHA1
45808e3bcd461a892a27969ced21222ddc7a91f7
-
SHA256
4a8942c9c84db3d1fb654fd15a34876297e616df272c093aa3c1f896825f95a4
-
SHA512
59eeba8b8c567bdaf3cdc855391773ec9be00fb7ab97c5b183f962507e9d07a02cfbeaa94a61e2c5d9f327a9f95e23259ce9e20642c17af36bc652de80881f5c
-
SSDEEP
3072:HfryJRYSh3e3msZAmJZt1olTBfZ3euAw:DyJBh3e3tymJn1olTBxOuA
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1348 wrote to memory of 1236 | 1348 | rundll32.exe | 26
PID 1348 wrote to memory of 1236 | 1348 | rundll32.exe | 26
PID 1348 wrote to memory of 1236 | 1348 | rundll32.exe | 26
PID 1348 wrote to memory of 1236 | 1348 | rundll32.exe | 26
PID 1348 wrote to memory of 1236 | 1348 | rundll32.exe | 26
PID 1348 wrote to memory of 1236 | 1348 | rundll32.exe | 26
PID 1348 wrote to memory of 1236 | 1348 | rundll32.exe | 26
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#11
- Suspicious use of WriteProcessMemory
PID:1348
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1964-57-0x00000000001D0000-0x00000000001F2000-memory.dll,#12
PID:1236