Analysis
- max time kernel: 26s
- max time network: 30s
- platform: windows7_x64
- resource: win7-20230621-en
- resource tags: arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
- submitted: 23-06-2023 04:59
Behavioral task: behavioral1
- Sample: 456-133-0x0000000010000000-0x0000000010024000-memory.dll
- Resource: win7-20230621-en, windows7-x64
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 456-133-0x0000000010000000-0x0000000010024000-memory.dll
- Resource: win10v2004-20230621-en, windows10-2004-x64
- 6 signatures
- 150 seconds
General
- Target: 456-133-0x0000000010000000-0x0000000010024000-memory.dll
- Size: 144KB
- MD5: 29bd5934750cf7751515d88f1438b70d
- SHA1: 3241ae1fac769d79063df4bed9973dfd1227533d
- SHA256: 4a7c1074c0b02e852b2ce6a2fe4f28d04d01da3ce8cf0e3938174d9f6447af57
- SHA512: 3083f11ef9607aaf699d3c56326a6a7563c0eb8516c52f6336686695d7e4b9e84767f481596d655c7a540ba0ede2a45040421f684e53ec94a048d0add2458440
- SSDEEP: 3072:VnPYcZtZHhf+pE90L6+j5zZCb+dJAC8nJxmefVcTBfwFy1bWeMhM:5Vh2pE90L6mzZCSdCdnJsefVcTBIFwCK
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1992 wrote to memory of 2012 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 2012 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 2012 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 2012 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 2012 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 2012 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 2012 | 1992 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\456-133-0x0000000010000000-0x0000000010024000-memory.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\456-133-0x0000000010000000-0x0000000010024000-memory.dll,#1
  PID: 2012