Analysis
max time kernel: 3s
max time network: 9s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:42
Static task
static1
Behavioral task
behavioral1
Sample
101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: 101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23.dll
Size: 184KB
MD5: 1b143d8f2933ef1c0930fd259d9ff0d7
SHA1: 86727ab02b675aaa3c4b21c5a5ce382c523785da
SHA256: 101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23
SHA512: 969a9a80447f12e76e4e1f0e7d7496dafda3d363e341c90425d520b38772a22268635950d84980400a89aa4eeecc0be575c5717d0baf740a5f3d98eea2d721d5
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1072 wrote to memory of 284 | 1072 | rundll32.exe | rundll32.exe
PID 1072 wrote to memory of 284 | 1072 | rundll32.exe | rundll32.exe
PID 1072 wrote to memory of 284 | 1072 | rundll32.exe | rundll32.exe
PID 1072 wrote to memory of 284 | 1072 | rundll32.exe | rundll32.exe
PID 1072 wrote to memory of 284 | 1072 | rundll32.exe | rundll32.exe
PID 1072 wrote to memory of 284 | 1072 | rundll32.exe | rundll32.exe
PID 1072 wrote to memory of 284 | 1072 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\101454f3f84ffb012a53117d91d6dcb5a264606a38f53d3b2129bcc52d961d23.dll,#12⤵