Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 02-06-2023 23:04
Behavioral task: behavioral1
Sample: 1564-130-0x0000000000180000-0x00000000001A4000-memory.dll
Resource: win7-20230220-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 1564-130-0x0000000000180000-0x00000000001A4000-memory.dll
Resource: win10v2004-20230220-en
1 signatures
150 seconds
General
Target: 1564-130-0x0000000000180000-0x00000000001A4000-memory.dll
Size: 144KB
MD5: d3233dacd4117cfe1402a1fa8afe1b2e
SHA1: e8e9f1c38c738f8a6555127103a2e8b0d6efc359
SHA256: 0a98d4f328713aa2bf5bcc24e1aa810e5d8930fb340514f50abc2d85201e1a73
SHA512: b62f89e2ed13eb28136a2de23d9150ceb28730f80e42cde1b82aa8a563b2ec57f1d737d4f0232ddf0ccf6bf79a996daefb1b4918c1ac466714ea0debbf6ae24c
SSDEEP: 3072:G1N8zhSt7DIYJTE2Aa01AA4HrrJOd/7cTBfQesLGr:A13IYJyao1ArJw/7cTBoeU
Score: 1/10
Malware Config
(none)

Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                          pid   process       target process
PID 1980 wrote to memory of 1992     1980  rundll32.exe  rundll32.exe
PID 1980 wrote to memory of 1992     1980  rundll32.exe  rundll32.exe
PID 1980 wrote to memory of 1992     1980  rundll32.exe  rundll32.exe
PID 1980 wrote to memory of 1992     1980  rundll32.exe  rundll32.exe
PID 1980 wrote to memory of 1992     1980  rundll32.exe  rundll32.exe
PID 1980 wrote to memory of 1992     1980  rundll32.exe  rundll32.exe
PID 1980 wrote to memory of 1992     1980  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1564-130-0x0000000000180000-0x00000000001A4000-memory.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1980
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1564-130-0x0000000000180000-0x00000000001A4000-memory.dll,#1
    PID: 1992