Analysis
max time kernel: 28s
max time network: 31s
platform: windows7_x64
resource: win7-20230621-en
resource tags: arch:x64 arch:x86 image:win7-20230621-en locale:en-us os:windows7-x64 system
submitted: 23-06-2023 19:07
Behavioral task: behavioral1
Sample: 46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b.dll
Resource: win7-20230621-en, windows7-x64
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b.dll
Resource: win10v2004-20230621-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b.dll
Size: 64KB
MD5: d8cff4de7baf67253798daf51be0beff
SHA1: 459b5bc022f3e69fcb4ea71c301b964e3fa58627
SHA256: 46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b
SHA512: 763b939507403797a8ab9d7c8199ecd2089c5d7102a2e47763ac1d7c7aff119261b96357ecf1ee9348ca0b8da9e817bac4374601c538dc02e14c2b9deeaa0495
SSDEEP: 1536:MY0u1VmBOWAxsUBst5/QkhKLieBsQ4zlKBZ:MY0mvDkhaieBsQ2lKH
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                         pid    process        target process
PID 1044 wrote to memory of 2024    1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 2024    1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 2024    1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 2024    1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 2024    1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 2024    1044   rundll32.exe   rundll32.exe
PID 1044 wrote to memory of 2024    1044   rundll32.exe   rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1044
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46b2f516dc41fa52b4c3a251b0af5f713aafd60875494da5a351503f68a3f69b.dll,#1
PID: 2024