Analysis
max time kernel: 43s
max time network: 44s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:41
Static task: static1
Behavioral task: behavioral1
Sample: 5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: 5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d.dll
Size: 236KB
MD5: 5129d2d185e0f0d04a8c26fe68ca7ab4
SHA1: e783713aac829655032df4315e8810940f74a9b4
SHA256: 5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d
SHA512: cf3fa06110a791cc86bf92440e2a46710ae73ac6971ec1374a3a6d33ef0556e83458498d0beb7800cfea40aa35b3cbd2341deb66963ea8e8003b57a8bffef09a
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
PID 744 wrote to memory of 1924 | 744 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5db3ff6cbc134f2e8b4099fcf4d7a8ee81437c33c45967db8acb884c1bff969d.dll,#1