Analysis
- max time kernel: 44s
- max time network: 45s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:38
Static task: static1
Behavioral task: behavioral1
- Sample: 5e3f6ff51ef7442ac751ca3466909f53eae2be3a99357a450fe0d95e35b6136c.dll
- Resource: win7v20201028, windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 5e3f6ff51ef7442ac751ca3466909f53eae2be3a99357a450fe0d95e35b6136c.dll
- Size: 184KB
- MD5: c38a7858fc7fbe80afb8b38513fcbdf8
- SHA1: ca13e74b463413c6c4ff7f6ce43ea17b0e349fc7
- SHA256: 5e3f6ff51ef7442ac751ca3466909f53eae2be3a99357a450fe0d95e35b6136c
- SHA512: 59490ee1d87ad714fb0c4f209945d80bc3c77ec968f101b69232dfb84b2b0085e948b20e87b63f90ec9760189e78f59390deff0613772a1acdd83619f663e7e4
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid   process        target process
PID 792 wrote to memory of 1508    792   rundll32.exe   rundll32.exe
PID 792 wrote to memory of 1508    792   rundll32.exe   rundll32.exe
PID 792 wrote to memory of 1508    792   rundll32.exe   rundll32.exe
PID 792 wrote to memory of 1508    792   rundll32.exe   rundll32.exe
PID 792 wrote to memory of 1508    792   rundll32.exe   rundll32.exe
PID 792 wrote to memory of 1508    792   rundll32.exe   rundll32.exe
PID 792 wrote to memory of 1508    792   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e3f6ff51ef7442ac751ca3466909f53eae2be3a99357a450fe0d95e35b6136c.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e3f6ff51ef7442ac751ca3466909f53eae2be3a99357a450fe0d95e35b6136c.dll,#12