Analysis
max time kernel: 14s
max time network: 13s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:38
Static task: static1
Behavioral task: behavioral1
Sample: 89aebca26db133724e89f05392a40e3fcedb86ec479de91c0eb8cb7424858319.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: 89aebca26db133724e89f05392a40e3fcedb86ec479de91c0eb8cb7424858319.dll
Size: 184KB
MD5: 8ce0024af89c19c25ac63aeaa57c91d7
SHA1: acf8196e838e16fdaaec5e7c6237c29e6ba8f364
SHA256: 89aebca26db133724e89f05392a40e3fcedb86ec479de91c0eb8cb7424858319
SHA512: 52507e2613cfad9f4b0d322da2f0ee7e0cdc105e905ed863423900ce920a4dc9429cc79b0b0f938b928a155109448897a357d1b4e2b2370d44f1aba853c23924
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid   process       target process
PID 1340 wrote to memory of 1328   1340  rundll32.exe  rundll32.exe
PID 1340 wrote to memory of 1328   1340  rundll32.exe  rundll32.exe
PID 1340 wrote to memory of 1328   1340  rundll32.exe  rundll32.exe
PID 1340 wrote to memory of 1328   1340  rundll32.exe  rundll32.exe
PID 1340 wrote to memory of 1328   1340  rundll32.exe  rundll32.exe
PID 1340 wrote to memory of 1328   1340  rundll32.exe  rundll32.exe
PID 1340 wrote to memory of 1328   1340  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\89aebca26db133724e89f05392a40e3fcedb86ec479de91c0eb8cb7424858319.dll,#11
  - Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\89aebca26db133724e89f05392a40e3fcedb86ec479de91c0eb8cb7424858319.dll,#12