Analysis
- max time kernel: 31s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2023 19:43
Behavioral task: behavioral1
- Sample: 32e322bf7c2208214c403b7d7cf994541cd9d2aa248efca7af2adbb6975adee2.dll
- Resource: win7-20230220-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 32e322bf7c2208214c403b7d7cf994541cd9d2aa248efca7af2adbb6975adee2.dll
- Resource: win10v2004-20230220-en
- 1 signatures
- 150 seconds
General
- Target: 32e322bf7c2208214c403b7d7cf994541cd9d2aa248efca7af2adbb6975adee2.dll
- Size: 91KB
- MD5: 7df7d21c3098349dfc645d6ae9c0e077
- SHA1: df6c32188295e43eaba2e4610a69318a8594ab11
- SHA256: 32e322bf7c2208214c403b7d7cf994541cd9d2aa248efca7af2adbb6975adee2
- SHA512: e0dc9aa4979ce771df443611959f7815d76ea663e4750bef6c55d23cca1fde415ac0df0c9a6d91df9f4057d35190ec02a794d67a57b6f6edd0902cead4fec85a
- SSDEEP: 1536:OyzmG2t2kw5+4vhu92MZNOuQlqnVSv6eS57/XPaPowRWIb0:OyCG2tREvc3Z8CVEm5OPoqw
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1644 wrote to memory of 1384 | 1644 | rundll32.exe | rundll32.exe |
| PID 1644 wrote to memory of 1384 | 1644 | rundll32.exe | rundll32.exe |
| PID 1644 wrote to memory of 1384 | 1644 | rundll32.exe | rundll32.exe |
| PID 1644 wrote to memory of 1384 | 1644 | rundll32.exe | rundll32.exe |
| PID 1644 wrote to memory of 1384 | 1644 | rundll32.exe | rundll32.exe |
| PID 1644 wrote to memory of 1384 | 1644 | rundll32.exe | rundll32.exe |
| PID 1644 wrote to memory of 1384 | 1644 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32e322bf7c2208214c403b7d7cf994541cd9d2aa248efca7af2adbb6975adee2.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\32e322bf7c2208214c403b7d7cf994541cd9d2aa248efca7af2adbb6975adee2.dll,#1