Analysis
max time kernel
42s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
01-01-2023 14:21
Behavioral task
behavioral1
Sample
1724-57-0x0000000000180000-0x00000000001A2000-memory.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1724-57-0x0000000000180000-0x00000000001A2000-memory.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
1724-57-0x0000000000180000-0x00000000001A2000-memory.dll
Size
136KB
MD5
11cba8a4bd8c6def554aeba821c7809e
SHA1
ef22e515036bccf6b7f2d04532504d734fc77105
SHA256
3f1c8adbd059874897bb65e4c4c9c702ea8cb7df2bc09ad487f7fbb11ea89146
SHA512
8a31e547a0d74842aa27e4b7b210f6a4cd6aeb20dddeef87c0a5f91f4e9aebb39181af3c57c2b5494d7df4b2abd8f41fce44a1600f4cb442ff731b45176d85ca
SSDEEP
1536:wWQQ1B+ZqZk4CpCTcaqiKAeZAwRkBA/r/FyJFmIyQAIO5nToIfppEegrzU7:wWQjdPaBKjZAOcA/sJ8ID2RTBfpCeJ7
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 340 wrote to memory of 1732 | 340 | rundll32.exe | rundll32.exe
PID 340 wrote to memory of 1732 | 340 | rundll32.exe | rundll32.exe
PID 340 wrote to memory of 1732 | 340 | rundll32.exe | rundll32.exe
PID 340 wrote to memory of 1732 | 340 | rundll32.exe | rundll32.exe
PID 340 wrote to memory of 1732 | 340 | rundll32.exe | rundll32.exe
PID 340 wrote to memory of 1732 | 340 | rundll32.exe | rundll32.exe
PID 340 wrote to memory of 1732 | 340 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1724-57-0x0000000000180000-0x00000000001A2000-memory.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1724-57-0x0000000000180000-0x00000000001A2000-memory.dll,#12