Analysis
max time kernel: 2s
max time network: 10s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:41
Static task: static1
Behavioral task: behavioral1
Sample: e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a.dll
Size: 236KB
MD5: 52da558664138dfb74b3e2b913dc2116
SHA1: 8ab35e0284d16f46a25ba0175e46877f86e0bc63
SHA256: e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a
SHA512: 5f2b947d100dd0f239d3d356e9050208b2ed08d99a8cf1b8f1ec52104e38bcb03caffbcc17646f727353643e40f9041566fabe7e8e566080b811ffb4b1069574
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description                      pid  process       target process
  PID 784 wrote to memory of 1508  784  rundll32.exe  rundll32.exe
  PID 784 wrote to memory of 1508  784  rundll32.exe  rundll32.exe
  PID 784 wrote to memory of 1508  784  rundll32.exe  rundll32.exe
  PID 784 wrote to memory of 1508  784  rundll32.exe  rundll32.exe
  PID 784 wrote to memory of 1508  784  rundll32.exe  rundll32.exe
  PID 784 wrote to memory of 1508  784  rundll32.exe  rundll32.exe
  PID 784 wrote to memory of 1508  784  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4c632bea35bdf0a89b6e01e9e11c59a63564dbebc9279ca77295c7484293f8a.dll,#12⤵