Analysis
max time kernel: 26s
max time network: 29s
platform: windows7_x64
resource: win7-20230621-en
resource tags: arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
submitted: 23-06-2023 00:22
Behavioral task: behavioral1
Sample: 1208-135-0x0000000010000000-0x0000000010024000-memory.dll
Resource: win7-20230621-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 1208-135-0x0000000010000000-0x0000000010024000-memory.dll
Resource: win10v2004-20230621-en, windows10-2004-x64
5 signatures
150 seconds
General
Target: 1208-135-0x0000000010000000-0x0000000010024000-memory.dll
Size: 144KB
MD5: 7c13a176aea67a81ffbb5b087ba67a91
SHA1: fcc77f82ec2be834d4444c97863f3cebfbfe723b
SHA256: f3c8f51cc72a89b490b1ad9c1977c9ff75df55b9af5bc48bb24d2f02a19f9126
SHA512: 108acc6fa79d581211365d7fea416b120168f4c89558445feaeffdefd5dce504bfc50ecaf142be2d2fa5c52b3805febf039917dbf82513df800f66c252e0c6ff
SSDEEP: 3072:VnPYcZtZHhf+pE90L6+j5zZCb+dJAC8nJxmefAcTBfwFy1bWeMhM:5Vh2pE90L6mzZCSdCdnJsefAcTBIFwCK
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                         pid   process       target process
PID 1640 wrote to memory of 1876    1640  rundll32.exe  rundll32.exe
PID 1640 wrote to memory of 1876    1640  rundll32.exe  rundll32.exe
PID 1640 wrote to memory of 1876    1640  rundll32.exe  rundll32.exe
PID 1640 wrote to memory of 1876    1640  rundll32.exe  rundll32.exe
PID 1640 wrote to memory of 1876    1640  rundll32.exe  rundll32.exe
PID 1640 wrote to memory of 1876    1640  rundll32.exe  rundll32.exe
PID 1640 wrote to memory of 1876    1640  rundll32.exe  rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\1208-135-0x0000000010000000-0x0000000010024000-memory.dll,#1
   Suspicious use of WriteProcessMemory
   PID: 1640
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\1208-135-0x0000000010000000-0x0000000010024000-memory.dll,#1
   PID: 1876