Analysis
max time kernel: 4s
max time network: 9s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:43
Static task: static1
Behavioral task: behavioral1
Sample: d3dba4b7a6c812268f7042fc2064406e5642efc29244d077253436c980643957.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: d3dba4b7a6c812268f7042fc2064406e5642efc29244d077253436c980643957.dll
Size: 184KB
MD5: caf9b2436305f8527826356b721b72ea
SHA1: 14fdc878615e00ae9062ba39bb0a07fc02297a5f
SHA256: d3dba4b7a6c812268f7042fc2064406e5642efc29244d077253436c980643957
SHA512: 917e6d9138cc1c88bb0490b91fb308f2e9cb1b2a48af3786b641cf46ab185427fcbf56d033f382b26873f826afb5d86ac16d94cda0ebd627f339f8a137ca9d08
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1056 wrote to memory of 2032 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2032 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2032 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2032 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2032 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2032 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2032 | 1056 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dba4b7a6c812268f7042fc2064406e5642efc29244d077253436c980643957.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dba4b7a6c812268f7042fc2064406e5642efc29244d077253436c980643957.dll,#12⤵