Analysis
max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted
15-06-2023 12:39
Behavioral task
behavioral1
Sample
4924-147-0x0000000010000000-0x0000000010024000-memory.dll
Resource
win7-20230220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
4924-147-0x0000000010000000-0x0000000010024000-memory.dll
Resource
win10v2004-20230220-en
1 signatures
150 seconds
General
Target
4924-147-0x0000000010000000-0x0000000010024000-memory.dll
Size
144KB
MD5
1b9aab54c8f0222684c473140c34ea67
SHA1
294263e96eecd5e719e02d7d587311219dede699
SHA256
5ac81aed3810cef16d627be303620a072fed5e8f51d3cdd549b3286b6e4cf820
SHA512
fc1d0c6cd8975e709139bb336e5034bace5b50a85291b3a07189d246802ec701a903188e26df85c6c50db1b40471c28273433500421d940e9077e9091c5b82cb
SSDEEP
3072:hFQGpV0kS95ObbMv8mCOihAAfBqJZmtfwcTBfw8mEE:VS9kPyCVh1fBqJEtfwcTBI8lE
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1232 wrote to memory of 1188 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1188 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1188 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1188 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1188 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1188 | 1232 | rundll32.exe | rundll32.exe
PID 1232 wrote to memory of 1188 | 1232 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4924-147-0x0000000010000000-0x0000000010024000-memory.dll,#1
- Suspicious use of WriteProcessMemory
PID:1232
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4924-147-0x0000000010000000-0x0000000010024000-memory.dll,#1
PID:1188