Analysis
max time kernel: 3s
max time network: 10s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:41
Static task: static1
Behavioral task: behavioral1
Sample: 92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: 92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0.dll
Size: 236KB
MD5: 58d1f031b399275612762891729c55b5
SHA1: 97bc8dc7cd5e965b82b9bc5ae0d65fc562a13f28
SHA256: 92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0
SHA512: 515e1d0ef37e36b5662940dea5b19ffca9880b61ccc30ad754e75c81c52a411c55f027297103fddec85c3928223cdc98ca2c4ffe8307f9dd6a611e12187ca043
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                      pid  process       target process
PID 644 wrote to memory of 2004  644  rundll32.exe  rundll32.exe
PID 644 wrote to memory of 2004  644  rundll32.exe  rundll32.exe
PID 644 wrote to memory of 2004  644  rundll32.exe  rundll32.exe
PID 644 wrote to memory of 2004  644  rundll32.exe  rundll32.exe
PID 644 wrote to memory of 2004  644  rundll32.exe  rundll32.exe
PID 644 wrote to memory of 2004  644  rundll32.exe  rundll32.exe
PID 644 wrote to memory of 2004  644  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92773358e741e1cb54338029554204113fd1488e7ee54fb6f0ff562313fc8ec0.dll,#12