Analysis
max time kernel: 3s
max time network: 9s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:41
Static task
static1
Behavioral task
behavioral1
Sample
37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: 37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b.dll
Size: 236KB
MD5: c481096535509418ca2f85c4d85ac3fb
SHA1: 0cb1779f09887d093dfe4f662e1f5955f2ab8010
SHA256: 37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b
SHA512: c64ce185e569f6292d765101eb36320dd789cc286a36e47c118b5bbc5892051702320999170cb1189a76e3437943ade044352e6cf301e60d28cc79f3c126b32f
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1044 wrote to memory of 1992 | 1044 | rundll32.exe | rundll32.exe
PID 1044 wrote to memory of 1992 | 1044 | rundll32.exe | rundll32.exe
PID 1044 wrote to memory of 1992 | 1044 | rundll32.exe | rundll32.exe
PID 1044 wrote to memory of 1992 | 1044 | rundll32.exe | rundll32.exe
PID 1044 wrote to memory of 1992 | 1044 | rundll32.exe | rundll32.exe
PID 1044 wrote to memory of 1992 | 1044 | rundll32.exe | rundll32.exe
PID 1044 wrote to memory of 1992 | 1044 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37f273d810a27f50f78d453bf80d89696a598ae6aac897c4fef8f5824b12416b.dll,#12⤵