Analysis
-
max time kernel
45s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
03-01-2023 15:52
Behavioral task
behavioral1
Sample
836-57-0x0000000001C00000-0x0000000001C22000-memory.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
836-57-0x0000000001C00000-0x0000000001C22000-memory.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
836-57-0x0000000001C00000-0x0000000001C22000-memory.dll
-
Size
136KB
-
MD5
92a62943ad0c6e4ed34868e1506f76d5
-
SHA1
f9471a6c5532ab4376ce8f97648d0b2efba3242a
-
SHA256
a72acf3bb8a45ffc8c515222dfa2eab3390e7a4c5642af20d5138881603f41d6
-
SHA512
0404ef14cd24a2c512046adce55f4c9442f6197f44c8f42160c7f1ebf0e5becbff63c200b15e55d3f6d48311f77599f9e360188de768f359b71f343f65e5af73
-
SSDEEP
3072:aAPgRPiNeLQ8S+ApA6JVt1YBTBfZjexm:aWgHLLS1i6Jn1YBTBRSx
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1664 wrote to memory of 1760 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 1760 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 1760 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 1760 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 1760 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 1760 | 1664 | rundll32.exe | rundll32.exe
PID 1664 wrote to memory of 1760 | 1664 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\836-57-0x0000000001C00000-0x0000000001C22000-memory.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\836-57-0x0000000001C00000-0x0000000001C22000-memory.dll,#1