Analysis
max time kernel
2s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:43
Static task
static1
Behavioral task
behavioral1
Sample
eb16fefb1b984bc98400ae037907368abfe7f0554f7332021afb796927bcd107.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target
eb16fefb1b984bc98400ae037907368abfe7f0554f7332021afb796927bcd107.dll
Size
184KB
MD5
be4cabf732e8c8c0a31d2bf775a0817c
SHA1
e81fdc310eda4b973b17881745898b6b2ce92960
SHA256
eb16fefb1b984bc98400ae037907368abfe7f0554f7332021afb796927bcd107
SHA512
f64b8405e4599b6c70769fae3782097fbf0a104d7ea462b4380f55b0c7f20604adbf3aaf3ea9203a3c3d8344ee0328ac3aba72ae3e0ebd529fce6810449a42be
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 2028 wrote to memory of 1688 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1688 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1688 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1688 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1688 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1688 | 2028 | rundll32.exe | rundll32.exe
PID 2028 wrote to memory of 1688 | 2028 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb16fefb1b984bc98400ae037907368abfe7f0554f7332021afb796927bcd107.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb16fefb1b984bc98400ae037907368abfe7f0554f7332021afb796927bcd107.dll,#12