Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 05/02/2023, 00:37
Behavioral task: behavioral1
- Sample: 2460-135-0x0000000000F10000-0x0000000000F33000-memory.dll
- Resource: win7-20220812-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 2460-135-0x0000000000F10000-0x0000000000F33000-memory.dll
- Resource: win10v2004-20220812-en
- 1 signatures
- 150 seconds
General
- Target: 2460-135-0x0000000000F10000-0x0000000000F33000-memory.dll
- Size: 140KB
- MD5: 41c70eeb837d366dbacf9c83e7618889
- SHA1: a518c80592c5a5c2698e6767aec817ccbd577205
- SHA256: a8867456399a877c521e6d39a79f6835590cd8e63fd0b5b1964a3df1d9c7d97c
- SHA512: 2d7400e806d63d164a1932c2967edd41f5339f5b3e8ac98653282561bb9d6d75ee81fa37b38dfb5e59fd3d82d2f7c8cb7208ae9f36585b41d0021829ad2aec54
- SSDEEP: 3072:sBCoAHrIGweXf4kuT5CE3alAG6SKJoFZXHTBfPAZC:3HrIGPXQJ5RaWG6SKJeZXHTBHAZ
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1140 wrote to memory of 1016 | 1140 | rundll32.exe | 27
PID 1140 wrote to memory of 1016 | 1140 | rundll32.exe | 27
PID 1140 wrote to memory of 1016 | 1140 | rundll32.exe | 27
PID 1140 wrote to memory of 1016 | 1140 | rundll32.exe | 27
PID 1140 wrote to memory of 1016 | 1140 | rundll32.exe | 27
PID 1140 wrote to memory of 1016 | 1140 | rundll32.exe | 27
PID 1140 wrote to memory of 1016 | 1140 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2460-135-0x0000000000F10000-0x0000000000F33000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2460-135-0x0000000000F10000-0x0000000000F33000-memory.dll,#1
  PID:1016