Analysis
- max time kernel: 22s
- max time network: 24s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:37
Static task: static1
Behavioral task: behavioral1
Sample: b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349.dll
Resource: win7v20201028, windows7_x64
0 signatures, 0 seconds
General
- Target: b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349.dll
- Size: 184KB
- MD5: 0db6d660230cc089d32b44f78912988b
- SHA1: efbeabcec10003e3a608a292301b35aa2a651e10
- SHA256: b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349
- SHA512: e69f8a4c744347597302391470e5087b8c891470067cc979c37efa61bc1d764b49ba57e87f96db020108d6f221cf2b527e3dc6584f4b53bf037e11f93d46df50
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1596 wrote to memory of 1172 | 1596 | rundll32.exe | rundll32.exe
PID 1596 wrote to memory of 1172 | 1596 | rundll32.exe | rundll32.exe
PID 1596 wrote to memory of 1172 | 1596 | rundll32.exe | rundll32.exe
PID 1596 wrote to memory of 1172 | 1596 | rundll32.exe | rundll32.exe
PID 1596 wrote to memory of 1172 | 1596 | rundll32.exe | rundll32.exe
PID 1596 wrote to memory of 1172 | 1596 | rundll32.exe | rundll32.exe
PID 1596 wrote to memory of 1172 | 1596 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b770687fd98f28f577b713654f53b854baeefe8603ba1f05d24a7b10d9c54349.dll,#12⤵