Analysis
- max time kernel: 4s
- max time network: 11s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:43
Static task
static1
Behavioral task
behavioral1
Sample
6bd1e201968b3b5992d3cea3f705e06037b7296953c44033d8552eb677c308e0.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 6bd1e201968b3b5992d3cea3f705e06037b7296953c44033d8552eb677c308e0.dll
- Size: 184KB
- MD5: b16ca2019d95d0d42d80c832583bf121
- SHA1: e9ade72e657260ad9b6a1dacc0764767ad953f69
- SHA256: 6bd1e201968b3b5992d3cea3f705e06037b7296953c44033d8552eb677c308e0
- SHA512: 50bfa869bf9af9e8460b605a372d2c3c338d8e7c63c1d094489b82be459017996cfa27f1f9714bbf6b80612bb600949f9f6bcfd4954d423fc8939f8ceb7608fb
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1824 wrote to memory of 1524 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 1524 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 1524 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 1524 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 1524 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 1524 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 1524 | 1824 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bd1e201968b3b5992d3cea3f705e06037b7296953c44033d8552eb677c308e0.dll,#11
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bd1e201968b3b5992d3cea3f705e06037b7296953c44033d8552eb677c308e0.dll,#12