Analysis
- max time kernel: 31s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
- submitted: 03-01-2023 15:39
Behavioral task
behavioral1
Sample
1716-57-0x00000000001B0000-0x00000000001D2000-memory.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1716-57-0x00000000001B0000-0x00000000001D2000-memory.dll
Resource
win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
- Target: 1716-57-0x00000000001B0000-0x00000000001D2000-memory.dll
- Size: 136KB
- MD5: bf469d43267320e2e1e05f6c22667423
- SHA1: 3c8411a20f9ef7b0fc4855ff801df224e9204880
- SHA256: ccacb51ec00e6a383e2eb320df02fade6b902d26bdc1772ef5a799ac7be3cec7
- SHA512: 6508c194ffdfee7999fb0056959d89e884d55284b06563885b1f559a5000840db20d10be1434616513b66592660f953d45a0839d36d2ad4fc3baaa4abd6f367f
- SSDEEP: 3072:yEtcceW973aTDc+7A/AGJDnds5TBfVRe9e:yUccebTDcRIGJDds5TBtw9
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1464 wrote to memory of 1380 | 1464 | rundll32.exe | rundll32.exe
  PID 1464 wrote to memory of 1380 | 1464 | rundll32.exe | rundll32.exe
  PID 1464 wrote to memory of 1380 | 1464 | rundll32.exe | rundll32.exe
  PID 1464 wrote to memory of 1380 | 1464 | rundll32.exe | rundll32.exe
  PID 1464 wrote to memory of 1380 | 1464 | rundll32.exe | rundll32.exe
  PID 1464 wrote to memory of 1380 | 1464 | rundll32.exe | rundll32.exe
  PID 1464 wrote to memory of 1380 | 1464 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1716-57-0x00000000001B0000-0x00000000001D2000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1716-57-0x00000000001B0000-0x00000000001D2000-memory.dll,#1