Analysis
- max time kernel: 23s
- max time network: 24s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:43
Static task
static1
Behavioral task
behavioral1
Sample
b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a.dll
- Size: 184KB
- MD5: fb43a3f72e452ba57739569c5dd9df9f
- SHA1: 18c1a94b6d87a5ebd703ef978d01a0b9cd4e96f4
- SHA256: b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a
- SHA512: 1aa0a36f866c11c18bbae1b3b4bd5d180ad4cbe5f83ae8052d8549614e8330d94a3971c230d5a35fc2baa1138c8436669b92b62ff2b9f8cf7eedb29080397eba
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 2008 wrote to memory of 1376 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1376 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1376 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1376 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1376 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1376 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 1376 | 2008 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6c6d1bf5295933f56a238132542583d533db64806c4bdbfab42ee512aa8136a.dll,#12⤵