Analysis
max time kernel: 149s
max time network: 146s
platform: windows10_x64
resource: win10v200430
submitted: 17-07-2020 06:41
Static task
static1

Behavioral task
behavioral1
Sample: 90a0498b6351dd26caf13325fd1ab92e39dd7ba3f390ac6500602a3223b4f64d.dll
Resource: win7 (windows7_x64)
0 signatures
0 seconds

Behavioral task
behavioral2
Sample: 90a0498b6351dd26caf13325fd1ab92e39dd7ba3f390ac6500602a3223b4f64d.dll
Resource: win10v200430 (windows10_x64)
0 signatures
0 seconds
General
Target: 90a0498b6351dd26caf13325fd1ab92e39dd7ba3f390ac6500602a3223b4f64d.dll
Size: 112KB
MD5: 1afa83672326b8b18432c635c08fe3ba
SHA1: 480b17e16a5e7cd14e4796d682bba2dbf6e0d320
SHA256: bc372fa87f04bec52c7294a2aa9b30e27b7ba1a4eccfb8d0be2883f4090cf786
SHA512: d36b3ce52d76ee2524ba1a3f58df052242cce5be5d6328ab5642bd3cfc9bdee37cc45e123697686d827d33e710d1170a050a89a67791dbc5f7665525b3c4c70e
Score: 8/10
Malware Config
Signatures

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2040 wrote to memory of 3220 | 2040 | rundll32.exe | rundll32.exe
PID 2040 wrote to memory of 3220 | 2040 | rundll32.exe | rundll32.exe
PID 2040 wrote to memory of 3220 | 2040 | rundll32.exe | rundll32.exe

Blacklisted process makes network request (11 IoCs)
Processes: rundll32.exe
flow | pid | process
7 | 3220 | rundll32.exe
9 | 3220 | rundll32.exe
10 | 3220 | rundll32.exe
12 | 3220 | rundll32.exe
14 | 3220 | rundll32.exe
16 | 3220 | rundll32.exe
18 | 3220 | rundll32.exe
20 | 3220 | rundll32.exe
22 | 3220 | rundll32.exe
24 | 3220 | rundll32.exe
26 | 3220 | rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: rundll32.exe
pid | process
3220 | rundll32.exe
3220 | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90a0498b6351dd26caf13325fd1ab92e39dd7ba3f390ac6500602a3223b4f64d.dll,#11
- Suspicious use of WriteProcessMemory
PID:2040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90a0498b6351dd26caf13325fd1ab92e39dd7ba3f390ac6500602a3223b4f64d.dll,#12
- Blacklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:3220