Analysis
- max time kernel: 40s
- max time network: 42s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:43
Static task
static1
Behavioral task
behavioral1
Sample
cd2d58d795b516124d1c604e1e9e52cf5f4808427da730afe93403ef53af5c35.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: cd2d58d795b516124d1c604e1e9e52cf5f4808427da730afe93403ef53af5c35.dll
- Size: 184KB
- MD5: 11b62e9d856e4eed343202bb4e517290
- SHA1: 5f131cdde7e7d32d8187c8699c17128260b6a15a
- SHA256: cd2d58d795b516124d1c604e1e9e52cf5f4808427da730afe93403ef53af5c35
- SHA512: 251465d5204a99fbb329a499b0df1557cf7db519abcdfd95f8bde7dac791ac6c0f390ae248191d3684541f3a51708d467e04eb20973794b478bb55ebb3f7c047
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1088 wrote to memory of 1888 | 1088 | rundll32.exe | rundll32.exe
PID 1088 wrote to memory of 1888 | 1088 | rundll32.exe | rundll32.exe
PID 1088 wrote to memory of 1888 | 1088 | rundll32.exe | rundll32.exe
PID 1088 wrote to memory of 1888 | 1088 | rundll32.exe | rundll32.exe
PID 1088 wrote to memory of 1888 | 1088 | rundll32.exe | rundll32.exe
PID 1088 wrote to memory of 1888 | 1088 | rundll32.exe | rundll32.exe
PID 1088 wrote to memory of 1888 | 1088 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd2d58d795b516124d1c604e1e9e52cf5f4808427da730afe93403ef53af5c35.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd2d58d795b516124d1c604e1e9e52cf5f4808427da730afe93403ef53af5c35.dll,#12⤵