Analysis
max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted
02-06-2023 22:59
Behavioral task
behavioral1
Sample
1888-83-0x0000000000170000-0x0000000000194000-memory.dll
Resource
win7-20230220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
1888-83-0x0000000000170000-0x0000000000194000-memory.dll
Resource
win10v2004-20230220-en
1 signatures
150 seconds
General
Target
1888-83-0x0000000000170000-0x0000000000194000-memory.dll
Size
144KB
MD5
73bb465ebbf10a2ff4f8e1469e740855
SHA1
ca128e6975354a791c1a4da380bfdd58f803cab5
SHA256
6ab46957ab57cdd39a0255cc337e19c785d364a8bd1bc0f4d95d3a689bb28545
SHA512
d888cd6cdeb723cf817850790e0735f963c6892864ad907c530d96613771514d2bffd5ee4059048475ef44129cd1c41608773469434382d692c806c884d6b998
SSDEEP
3072:GHGjV9S0xRas5AfY1JL+8zA9lJhqxY4TBfgxALnr:djOs5DJLP09lJIxY4TBYxQ
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1444 wrote to memory of 632 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 632 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 632 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 632 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 632 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 632 | 1444 | rundll32.exe | rundll32.exe
PID 1444 wrote to memory of 632 | 1444 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1888-83-0x0000000000170000-0x0000000000194000-memory.dll,#11
- Suspicious use of WriteProcessMemory
PID:1444
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1888-83-0x0000000000170000-0x0000000000194000-memory.dll,#12
PID:632