Analysis
-
max time kernel
29s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
03/01/2023, 16:13
Behavioral task
behavioral1
Sample
1684-57-0x00000000003F0000-0x0000000000412000-memory.dll
Resource
win7-20221111-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1684-57-0x00000000003F0000-0x0000000000412000-memory.dll
Resource
win10v2004-20220812-en
1 signatures
150 seconds
General
-
Target
1684-57-0x00000000003F0000-0x0000000000412000-memory.dll
-
Size
136KB
-
MD5
3ebdadb7ee39f3904c576f8c80960ed5
-
SHA1
c5f95305280586cd263448d82653a1b2f06f03d1
-
SHA256
e2b31d334c6e2942d058dc138b3890e67686bda3b8befbbbbd27d36504807b1d
-
SHA512
c2aac90e3a50f63f971c16ef00900178635aed88eb889d5f217bb8f73f72c37254c68e14f41cd3b44cd799c26b771c3123a1d384ea19968771bf7b4c9dc52a0c
-
SSDEEP
1536:pxD176oBvNCfzFy67owCItyt00P5BARkNJthbTJjIORnToIfNqkegrzgm:pxQpy6Hztyt0kzAuJvbtF5TBfNde1m
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1468 wrote to memory of 1360 | 1468 | rundll32.exe | 28
PID 1468 wrote to memory of 1360 | 1468 | rundll32.exe | 28
PID 1468 wrote to memory of 1360 | 1468 | rundll32.exe | 28
PID 1468 wrote to memory of 1360 | 1468 | rundll32.exe | 28
PID 1468 wrote to memory of 1360 | 1468 | rundll32.exe | 28
PID 1468 wrote to memory of 1360 | 1468 | rundll32.exe | 28
PID 1468 wrote to memory of 1360 | 1468 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1684-57-0x00000000003F0000-0x0000000000412000-memory.dll,#1
- Suspicious use of WriteProcessMemory
PID:1468 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1684-57-0x00000000003F0000-0x0000000000412000-memory.dll,#1
PID:1360
-