Analysis
max time kernel: 43s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 19-01-2023 19:22
Behavioral task
behavioral1
Sample
1228-56-0x0000000000200000-0x0000000000222000-memory.dll
Resource
win7-20220812-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1228-56-0x0000000000200000-0x0000000000222000-memory.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 1228-56-0x0000000000200000-0x0000000000222000-memory.dll
Size: 136KB
MD5: cfa9622b583d8bf988f6494c96f11649
SHA1: 4502ad14add7fcc8322911958152d1dcf1bb6276
SHA256: e0c569fdb90f01b3215e1be2fbebdd6a06c89a6ac2fc7a15f2bc27adebcd9b65
SHA512: ad1a525a0ce19cc4f29c8b91abecf7e50e369f496f458fc258313a5d7cbac2b36d56fd91dce32a8d8fcbf9883926a56f2206bf1310f4b8b015ec56452ca552f6
SSDEEP: 3072:dxrPkLQvtZSLf7vSjgR9l687/W3bLn2F4pVpSjb24cD:d9cQlyf7vSq9l42mnUjbE
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1708 wrote to memory of 1448 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 1448 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 1448 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 1448 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 1448 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 1448 | 1708 | rundll32.exe | rundll32.exe
PID 1708 wrote to memory of 1448 | 1708 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1228-56-0x0000000000200000-0x0000000000222000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1228-56-0x0000000000200000-0x0000000000222000-memory.dll,#1