Analysis
max time kernel: 4s
max time network: 9s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:41
Static task
static1
Behavioral task
behavioral1
Sample
3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: 3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32.dll
Size: 236KB
MD5: 026b3fb90348681aa4573256b97fb2d1
SHA1: 872dcb020a087b1f428cf8db46c9150cd3845db1
SHA256: 3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32
SHA512: 16f68da961bd31eaca91d8bf4fbd23ff093e3fee8b95946036da18d1654be54fcce04be77f7e0fa1533aa0f62539b2bfe889c9a4243b2572c33c1f665db29ce5
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 384 wrote to memory of 1860 | 384 | rundll32.exe | rundll32.exe
PID 384 wrote to memory of 1860 | 384 | rundll32.exe | rundll32.exe
PID 384 wrote to memory of 1860 | 384 | rundll32.exe | rundll32.exe
PID 384 wrote to memory of 1860 | 384 | rundll32.exe | rundll32.exe
PID 384 wrote to memory of 1860 | 384 | rundll32.exe | rundll32.exe
PID 384 wrote to memory of 1860 | 384 | rundll32.exe | rundll32.exe
PID 384 wrote to memory of 1860 | 384 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b4a12a9aeedc49fbd70a540aedb21e00672f436343c7555f795d67598502a32.dll,#12