Analysis
- max time kernel: 50s
- max time network: 51s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:40
Static task
static1
Behavioral task
behavioral1
Sample
121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a.dll
- Size: 184KB
- MD5: 1d234d1c39fbfb286278ea5a4be6cb00
- SHA1: d7e5196a2b0a686c54256c153db4b837891da71c
- SHA256: 121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a
- SHA512: 18e7efd1a32a4faa8f6c521780545e27ceb06625609b83cf2a396727b7cd4c5d9d484f6d497b023aaa0a928d179b4747fac7041619371f2fce2c910222b188b6
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1968 wrote to memory of 1112 | 1968 | rundll32.exe | rundll32.exe
PID 1968 wrote to memory of 1112 | 1968 | rundll32.exe | rundll32.exe
PID 1968 wrote to memory of 1112 | 1968 | rundll32.exe | rundll32.exe
PID 1968 wrote to memory of 1112 | 1968 | rundll32.exe | rundll32.exe
PID 1968 wrote to memory of 1112 | 1968 | rundll32.exe | rundll32.exe
PID 1968 wrote to memory of 1112 | 1968 | rundll32.exe | rundll32.exe
PID 1968 wrote to memory of 1112 | 1968 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\121d7ad19ebd4d1522979a113c7172a7048c1b8945b235e3603bd7ba37a1640a.dll,#12