Resubmissions
15-11-2023 15:23   231115-ssstfsbf48   10
26-10-2020 10:00   201026-ltfyhgt87a   10
26-10-2020 09:57   201026-g5lkjjzlws   10
25-10-2020 21:42   201025-xtgchbgbbn   1
Analysis
max time kernel: 109s
max time network: 112s
platform: windows7_x64
resource: win7
submitted: 25-10-2020 21:42
Static task: static1
Behavioral task: behavioral1
  Sample: d9296a8ed1105c0e7908434a76681299.dll
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: d9296a8ed1105c0e7908434a76681299.dll
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: d9296a8ed1105c0e7908434a76681299.dll
Size: 615KB
MD5: d9296a8ed1105c0e7908434a76681299
SHA1: 593bd26bdc829c7633096d016012ceda1183d3f9
SHA256: 783dace9ccb4090a09e4f3a229eeeef14246709e25175b0ce0fe749cd736de55
SHA512: 18cdfff6d26cca2e09513def3800bab8046c1925ab4aff54cd18d6ea604f5f7315a833acbb7c51f9afdb7ebeca4ee6c9b79a0d315f8c23c12fbb4df83407c52d
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 1084 wrote to memory of 1568   1084   rundll32.exe   24
PID 1084 wrote to memory of 1568   1084   rundll32.exe   24
PID 1084 wrote to memory of 1568   1084   rundll32.exe   24
PID 1084 wrote to memory of 1568   1084   rundll32.exe   24
PID 1084 wrote to memory of 1568   1084   rundll32.exe   24
PID 1084 wrote to memory of 1568   1084   rundll32.exe   24
PID 1084 wrote to memory of 1568   1084   rundll32.exe   24
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9296a8ed1105c0e7908434a76681299.dll,#1
   PID: 1084
   Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9296a8ed1105c0e7908434a76681299.dll,#1
   PID: 1568