Analysis
max time kernel: 4s
max time network: 9s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:41
Static task: static1
Behavioral task: behavioral1
Sample: 45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865.dll
Resource: win7v20201028
Platform: windows7_x64
0 signatures
0 seconds
General
Target: 45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865.dll
Size: 184KB
MD5: 5fff633f2218865464a4bfc5c7c6bab2
SHA1: 2114d17ccd3ee9bb7abe9634107e339bfb9e2f11
SHA256: 45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865
SHA512: 3832f559de60c3339616632e740385f231231e7dd3cb597b67d50135ba618cbacd94dea4cc8de42e763ed5838fcf1fc1530a9195e1d455beb6ad9124fea8090d
Score: 1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1856 wrote to memory of 2012 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 2012 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 2012 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 2012 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 2012 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 2012 | 1856 | rundll32.exe | rundll32.exe
PID 1856 wrote to memory of 2012 | 1856 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865.dll,#1
- Suspicious use of WriteProcessMemory
-
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45d074cb2c98471494bcf5e6b9457619e40a28e640c93e5af34f1bab7c755865.dll,#1