Analysis
max time kernel: 138s
max time network: 54s
platform: windows10_x64
resource: win10v200430
submitted: 09-07-2020 18:39
Static task: static1

Behavioral task: behavioral1
Sample: b6c99a5ba52fe2ef5b838d580f41a5e4f4c81389dd07bc716593483af33816b9.dll
Resource: win7, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: b6c99a5ba52fe2ef5b838d580f41a5e4f4c81389dd07bc716593483af33816b9.dll
Resource: win10v200430, windows10_x64
0 signatures
0 seconds
General
Target: b6c99a5ba52fe2ef5b838d580f41a5e4f4c81389dd07bc716593483af33816b9.dll
Size: 785KB
MD5: db5eaf6777c80fb752c19303457cac1d
SHA1: 20b60c387bae82c3c24bb668ebd13a1a078c2cf7
SHA256: b6c99a5ba52fe2ef5b838d580f41a5e4f4c81389dd07bc716593483af33816b9
SHA512: 31255c6e833aa07cfd3db94df6ae237f56e25a653d0edb636016a406a679400c1edef8d4b13709158c9690385a5220785d0eb11d44e6c7be90a4011a2aad09f8
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3656 wrote to memory of 3768 | 3656 | rundll32.exe | rundll32.exe
PID 3656 wrote to memory of 3768 | 3656 | rundll32.exe | rundll32.exe
PID 3656 wrote to memory of 3768 | 3656 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6c99a5ba52fe2ef5b838d580f41a5e4f4c81389dd07bc716593483af33816b9.dll,#11
- Suspicious use of WriteProcessMemory
PID: 3656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6c99a5ba52fe2ef5b838d580f41a5e4f4c81389dd07bc716593483af33816b9.dll,#12
PID: 3768