Analysis
max time kernel: 31s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 02-06-2023 11:25
Behavioral task: behavioral1
Sample: 1008-85-0x0000000000130000-0x0000000000154000-memory.dll
Resource: win7-20230220-en
1 signature, 150 seconds

Behavioral task: behavioral2
Sample: 1008-85-0x0000000000130000-0x0000000000154000-memory.dll
Resource: win10v2004-20230220-en
1 signature, 150 seconds
General
Target: 1008-85-0x0000000000130000-0x0000000000154000-memory.dll
Size: 144KB
MD5: 802fa6498c4cc0cd4937929fd831145c
SHA1: b25928ce3a03db5d24b7355353871d8330cba4b2
SHA256: 46672233fdbae0255e3d5fb53d4388a590acbb3c0a4a6dfa9aff3b93b9e3e31a
SHA512: 07dabf592804730a2f5e8a19dde0d3a0bfc5bfc2a25d6a94905e4ff290b7e58f8ab089dcba05e18a706c296a7b2ab1b24fa644cbe7ac640cdf37601521e4fc41
SSDEEP: 3072:3eb57Y1JZZnXTtXAbpJZJpl0TBfAR6LP:F1JznjtQbpJTpl0TB4Rm
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1324 wrote to memory of 1196 | 1324 | rundll32.exe | rundll32.exe
PID 1324 wrote to memory of 1196 | 1324 | rundll32.exe | rundll32.exe
PID 1324 wrote to memory of 1196 | 1324 | rundll32.exe | rundll32.exe
PID 1324 wrote to memory of 1196 | 1324 | rundll32.exe | rundll32.exe
PID 1324 wrote to memory of 1196 | 1324 | rundll32.exe | rundll32.exe
PID 1324 wrote to memory of 1196 | 1324 | rundll32.exe | rundll32.exe
PID 1324 wrote to memory of 1196 | 1324 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1008-85-0x0000000000130000-0x0000000000154000-memory.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1324
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1008-85-0x0000000000130000-0x0000000000154000-memory.dll,#1
    PID: 1196