Analysis
-
max time kernel
3s -
max time network
8s -
platform
windows7_x64 -
resource
win7 -
submitted
28-08-2020 13:18
Static task
static1
Behavioral task
behavioral1
Sample
693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f.dll
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f.dll
Resource
win10v200722
windows10_x64
0 signatures
0 seconds
General
-
Target
693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f.dll
-
Size
12KB
-
MD5
8d79d99a1571e751f2672d2689c37081
-
SHA1
2b4d512d7218b97a8d1e6d8ed43b4ca9ba2b4b34
-
SHA256
693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f
-
SHA512
6f5434bc4f16b05f3f62588109e5769b13172089993c85804a36359ea47c1a69b769d518921d110e4b52bf64444e834aec642ffb03f545eb756a01b0986debb7
Score
8/10
Malware Config
Signatures
-
Blacklisted process makes network request 1 IoCs
flow pid Process 1 912 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1144 wrote to memory of 912 1144 rundll32.exe 24 PID 1144 wrote to memory of 912 1144 rundll32.exe 24 PID 1144 wrote to memory of 912 1144 rundll32.exe 24 PID 1144 wrote to memory of 912 1144 rundll32.exe 24 PID 1144 wrote to memory of 912 1144 rundll32.exe 24 PID 1144 wrote to memory of 912 1144 rundll32.exe 24 PID 1144 wrote to memory of 912 1144 rundll32.exe 24
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1144 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\693e56d27b658947e6a9d0f18803cc38b430a9f203ad91cb680e6ea1acafe40f.dll,#12⤵
- Blacklisted process makes network request
PID:912
-