Analysis
max time kernel: 28s
max time network: 29s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:43
Static task: static1
Behavioral task: behavioral1
Sample: 78c36e19789e166be3e7a63d781b5f5cecebfff699282f068c1e0c88e713379f.dll
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
General
Target: 78c36e19789e166be3e7a63d781b5f5cecebfff699282f068c1e0c88e713379f.dll
Size: 184KB
MD5: 2eb45fadc94050676178814c2b1e831a
SHA1: 245465010c36455ddb17b22608451f5ceb0c43fc
SHA256: 78c36e19789e166be3e7a63d781b5f5cecebfff699282f068c1e0c88e713379f
SHA512: 0d91ae9be2e96a60deefdbc9e3cf38738988d0299a105b96ccb2df079aced9046c1c86cdc4aa517c8a4043aa753dcecc7c932e2ea487421e406311148fa0e99d
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Process: rundll32.exe
description | pid | process | target process
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78c36e19789e166be3e7a63d781b5f5cecebfff699282f068c1e0c88e713379f.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78c36e19789e166be3e7a63d781b5f5cecebfff699282f068c1e0c88e713379f.dll,#1