Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03-03-2024 07:13
Behavioral task: behavioral1
Sample: 1416-58-0x00000000001F0000-0x00000000001FE000-memory.dll
Resource: win7-20240221-en (windows7-x64)
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 1416-58-0x00000000001F0000-0x00000000001FE000-memory.dll
Resource: win10v2004-20240226-en (windows10-2004-x64)
1 signatures
150 seconds
General
Target: 1416-58-0x00000000001F0000-0x00000000001FE000-memory.dll
Size: 56KB
MD5: 4f81b31addb341c6a35d3b01b2025e8a
SHA1: 14742e07ca600dfd009a15f5ec7884cd0ffa6a36
SHA256: 1b4193409f97394db766eaeb33397bb879409f03cab7e54dc1f9a09c28697a31
SHA512: c501ae7936922ac0646046bd27c2a46858f9b9e592c7c45b88f6f0678961434748634f9a6e91251bd82a6b583f5eb74bf6916729a495bc18c8a22ebb4b213bfd
SSDEEP: 768:A2R1W1xm3L4xvRy5NGQgGoKItuFe666yuwyF8sj1YsFVOZd43HmIt6J:PMbm3L4f2oKItuLn3kfsLs9/
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                         pid     process         target process
PID 2836 wrote to memory of 2964    2836    rundll32.exe    rundll32.exe
PID 2836 wrote to memory of 2964    2836    rundll32.exe    rundll32.exe
PID 2836 wrote to memory of 2964    2836    rundll32.exe    rundll32.exe
PID 2836 wrote to memory of 2964    2836    rundll32.exe    rundll32.exe
PID 2836 wrote to memory of 2964    2836    rundll32.exe    rundll32.exe
PID 2836 wrote to memory of 2964    2836    rundll32.exe    rundll32.exe
PID 2836 wrote to memory of 2964    2836    rundll32.exe    rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-58-0x00000000001F0000-0x00000000001FE000-memory.dll,#1
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-58-0x00000000001F0000-0x00000000001FE000-memory.dll,#1