Analysis
- max time kernel: 23s
- max time network: 26s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:37
Static task
static1
Behavioral task
behavioral1
Sample
d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda.dll
- Size: 184KB
- MD5: 6b4719b51b8c5555726af0912957ee07
- SHA1: b1945b6d2f6b4fe32363a2340a457e07396b36cd
- SHA256: d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda
- SHA512: 0ae086d1ce277945a8437a27235daf45fd7b177da4526637c9c75ac75714aa82e50a2706e5f4fcfffa7dc23081e633179e2d21e13c58b272aea3334a4f855e06
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 2008 wrote to memory of 904 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 904 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 904 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 904 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 904 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 904 | 2008 | rundll32.exe | rundll32.exe
PID 2008 wrote to memory of 904 | 2008 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9c690d50ba6f0e1c473a5583625d7c65e3305c6986321224bf6957e765adfda.dll,#12