Analysis
max time kernel: 28s
max time network: 30s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 07-02-2023 10:54
Behavioral task
behavioral1
Sample
940-56-0x0000000010000000-0x0000000010177000-memory.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
General
Target: 940-56-0x0000000010000000-0x0000000010177000-memory.dll
Size: 1.5MB
MD5: 2d31293c421369b7161ad93a29d6c9ce
SHA1: 380d757276880be16ad4927f90ace25bb3e56578
SHA256: 821818e91d3203811e03830420c58065c6e2ef5d1b8f71f25bfb4be671540da5
SHA512: feaf4bad3a792cd18dcfa0328c0161e7f427a6f38d5646ea2feb368185b8c8b5c5ed4eb2887be292acf56dc35da199c90250c62e45ebc08e2be0e5f5b0479e16
SSDEEP: 24576:CazXgPltxX913tS4Ka8yskqoSXMmBIvgHJOKiNFHyoovI/jto:CaDgdtn13nKFyMoS8mB4gHJOJFSVvIr
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1508 wrote to memory of 1504 | 1508 | rundll32.exe | rundll32.exe
PID 1508 wrote to memory of 1504 | 1508 | rundll32.exe | rundll32.exe
PID 1508 wrote to memory of 1504 | 1508 | rundll32.exe | rundll32.exe
PID 1508 wrote to memory of 1504 | 1508 | rundll32.exe | rundll32.exe
PID 1508 wrote to memory of 1504 | 1508 | rundll32.exe | rundll32.exe
PID 1508 wrote to memory of 1504 | 1508 | rundll32.exe | rundll32.exe
PID 1508 wrote to memory of 1504 | 1508 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\940-56-0x0000000010000000-0x0000000010177000-memory.dll,#1
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\940-56-0x0000000010000000-0x0000000010177000-memory.dll,#1