Analysis
max time kernel: 28s
max time network: 30s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted: 02-06-2023 22:01
Behavioral task
behavioral1
Sample
1700-55-0x00000000001E0000-0x0000000000204000-memory.dll
Resource
win7-20230220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1700-55-0x00000000001E0000-0x0000000000204000-memory.dll
Resource
win10v2004-20230220-en
1 signatures
150 seconds
General
Target: 1700-55-0x00000000001E0000-0x0000000000204000-memory.dll
Size: 144KB
MD5: eddaf5785d4ae321f5a73f967d7896c7
SHA1: 9f1adf455310912f0a187e5082f38e31182baa96
SHA256: 4f48dd64fbb28eb1b01daeee1b339386181cb3a0566e24da954d410bd469f7a0
SHA512: 2ca85c1f94f59720c0e3ca8303ae8041bcc8baae2ab27c83235b0221219741390b12f6bcace0301fb86598399c1b66242874a4cfe1d93b9cb4a5dab6d4baaf77
SSDEEP: 3072:aB6GqSbBtB1aC+0Qd66CAO/Jor7NcTBfwcsLu:gVtBo0a66HO/Jc7NcTBocU
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1748 wrote to memory of 1948 | 1748 | rundll32.exe | rundll32.exe
PID 1748 wrote to memory of 1948 | 1748 | rundll32.exe | rundll32.exe
PID 1748 wrote to memory of 1948 | 1748 | rundll32.exe | rundll32.exe
PID 1748 wrote to memory of 1948 | 1748 | rundll32.exe | rundll32.exe
PID 1748 wrote to memory of 1948 | 1748 | rundll32.exe | rundll32.exe
PID 1748 wrote to memory of 1948 | 1748 | rundll32.exe | rundll32.exe
PID 1748 wrote to memory of 1948 | 1748 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1700-55-0x00000000001E0000-0x0000000000204000-memory.dll,#11⤵
Suspicious use of WriteProcessMemory
PID:1748
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1700-55-0x00000000001E0000-0x0000000000204000-memory.dll,#12⤵
PID:1948