Analysis
- max time kernel: 60s
- max time network: 50s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:38
Static task
static1
Behavioral task
behavioral1
Sample
12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7.dll
- Size: 184KB
- MD5: ff2c92b08cbf9fee624c7ff02e368737
- SHA1: daadb094e5179e269c959e3e2324b4fd6eae94b9
- SHA256: 12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7
- SHA512: 74ee9f6acecb946280576f25c8e3a0cc4d61e45cd01a7ffc5c60edb597becbb472ff1ce805349309b2e5e7605f5d27596c8f992fb5129a71c5581403751508d7
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 1968 wrote to memory of 2040 | 1968 | rundll32.exe | rundll32.exe |
  | PID 1968 wrote to memory of 2040 | 1968 | rundll32.exe | rundll32.exe |
  | PID 1968 wrote to memory of 2040 | 1968 | rundll32.exe | rundll32.exe |
  | PID 1968 wrote to memory of 2040 | 1968 | rundll32.exe | rundll32.exe |
  | PID 1968 wrote to memory of 2040 | 1968 | rundll32.exe | rundll32.exe |
  | PID 1968 wrote to memory of 2040 | 1968 | rundll32.exe | rundll32.exe |
  | PID 1968 wrote to memory of 2040 | 1968 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12b7d284bad00fcbad6d13f56ee58085aa82e7ae5aa968fd6bdc4d04d63c9be7.dll,#12