Analysis
- max time kernel: 121s
- max time network: 120s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 15-11-2020 23:14
Static task: static1

Behavioral task: behavioral1
- Sample: 4b6ea99376bb5f309fb4a1558a7c91a4d33c1b666401219e925d6db3ea26b6b1.dll
- Resource: win7v20201028, windows7_x64
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: 4b6ea99376bb5f309fb4a1558a7c91a4d33c1b666401219e925d6db3ea26b6b1.dll
- Resource: win10v20201028, windows10_x64
- 0 signatures, 0 seconds
General
- Target: 4b6ea99376bb5f309fb4a1558a7c91a4d33c1b666401219e925d6db3ea26b6b1.dll
- Size: 207KB
- MD5: 0cdd7498da53a4f6c071f1e6213e3de6
- SHA1: fcecd9d24790ad95ca5fdc0ed13c63cd812dab42
- SHA256: 4b6ea99376bb5f309fb4a1558a7c91a4d33c1b666401219e925d6db3ea26b6b1
- SHA512: 865d32ff80d3aeceb0a1e0023c1048ac4ff92924f7dc3612b41144b82fe8070a7c0e9018e1cda20ae69c0bbc22279fff1ae618bc8e7bc737a835a0a5448add36

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  description | pid | process | target process
  PID 240 wrote to memory of 308 | 240 | rundll32.exe | rundll32.exe
  PID 240 wrote to memory of 308 | 240 | rundll32.exe | rundll32.exe
  PID 240 wrote to memory of 308 | 240 | rundll32.exe | rundll32.exe
  PID 240 wrote to memory of 308 | 240 | rundll32.exe | rundll32.exe
  PID 240 wrote to memory of 308 | 240 | rundll32.exe | rundll32.exe
  PID 240 wrote to memory of 308 | 240 | rundll32.exe | rundll32.exe
  PID 240 wrote to memory of 308 | 240 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b6ea99376bb5f309fb4a1558a7c91a4d33c1b666401219e925d6db3ea26b6b1.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 240
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b6ea99376bb5f309fb4a1558a7c91a4d33c1b666401219e925d6db3ea26b6b1.dll,#12
    PID: 308