Analysis
max time kernel
4s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
23-02-2021 12:37
Static task
static1
Behavioral task
behavioral1
Sample
85960b6b7def7d0baa4b28cfd510098672619925ff8b9870eb07a1fba1a5d610.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target
85960b6b7def7d0baa4b28cfd510098672619925ff8b9870eb07a1fba1a5d610.dll
Size
184KB
MD5
63e20197fee7db8f481128f4999236e8
SHA1
b862f2fc352a5fb1c0ef6c03f4ebb199cf9a7bf9
SHA256
85960b6b7def7d0baa4b28cfd510098672619925ff8b9870eb07a1fba1a5d610
SHA512
7bdb1b6e23babdba2db85060bef177e761f7c09b8f3783076f25f249f0e94f1de91d3e4a675baa229114ddaeb64fee986a89639b7d3b34a5abb81af0939afbaf
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1752 wrote to memory of 1628 | 1752 | rundll32.exe | rundll32.exe
PID 1752 wrote to memory of 1628 | 1752 | rundll32.exe | rundll32.exe
PID 1752 wrote to memory of 1628 | 1752 | rundll32.exe | rundll32.exe
PID 1752 wrote to memory of 1628 | 1752 | rundll32.exe | rundll32.exe
PID 1752 wrote to memory of 1628 | 1752 | rundll32.exe | rundll32.exe
PID 1752 wrote to memory of 1628 | 1752 | rundll32.exe | rundll32.exe
PID 1752 wrote to memory of 1628 | 1752 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85960b6b7def7d0baa4b28cfd510098672619925ff8b9870eb07a1fba1a5d610.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85960b6b7def7d0baa4b28cfd510098672619925ff8b9870eb07a1fba1a5d610.dll,#12⤵