Analysis
max time kernel: 44s
max time network: 45s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:41
Static task: static1
Behavioral task: behavioral1
Sample: ee6d87f164732da83b1ecc15fb0458280e6bfa139e02f0a02ca5907387b690d2.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: ee6d87f164732da83b1ecc15fb0458280e6bfa139e02f0a02ca5907387b690d2.dll
Size: 236KB
MD5: 94c509cf2fefddd9b73fa48ee3faf536
SHA1: 20e85d5a110b397637d2e93c7781253c4ac7f06e
SHA256: ee6d87f164732da83b1ecc15fb0458280e6bfa139e02f0a02ca5907387b690d2
SHA512: 643165cc7cb94ec69d3a85da125c79e93dbb5b10c1b1730cb5287070a5158ef13623f7aeea60cd182a067735a5cc23460769b8a22eb6b835f2b6e6d84c90fd8f
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| PID 892 wrote to memory of 928 | 892 | rundll32.exe | rundll32.exe |
| PID 892 wrote to memory of 928 | 892 | rundll32.exe | rundll32.exe |
| PID 892 wrote to memory of 928 | 892 | rundll32.exe | rundll32.exe |
| PID 892 wrote to memory of 928 | 892 | rundll32.exe | rundll32.exe |
| PID 892 wrote to memory of 928 | 892 | rundll32.exe | rundll32.exe |
| PID 892 wrote to memory of 928 | 892 | rundll32.exe | rundll32.exe |
| PID 892 wrote to memory of 928 | 892 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee6d87f164732da83b1ecc15fb0458280e6bfa139e02f0a02ca5907387b690d2.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee6d87f164732da83b1ecc15fb0458280e6bfa139e02f0a02ca5907387b690d2.dll,#12⤵