Analysis
max time kernel: 40s
max time network: 39s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:38
Static task: static1
Behavioral task: behavioral1
Sample: 12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: 12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530.dll
Size: 184KB
MD5: f10a322e3dd5128ed4977f70a86aa070
SHA1: 8ec3ce47b9b9c18afeab7f83156bec8b028faa57
SHA256: 12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530
SHA512: 8d905d54acf1753fb8f956270966e927a722ef3ee8b7c28109e4d8eb13436cd26a7264cb649e49e173550d0c75cd4de9876b008c770f1de31df2d9d5648b9f1c
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory: 7 IoCs
  Processes: rundll32.exe
  description                       pid   process       target process
  PID 1940 wrote to memory of 2040  1940  rundll32.exe  rundll32.exe
  PID 1940 wrote to memory of 2040  1940  rundll32.exe  rundll32.exe
  PID 1940 wrote to memory of 2040  1940  rundll32.exe  rundll32.exe
  PID 1940 wrote to memory of 2040  1940  rundll32.exe  rundll32.exe
  PID 1940 wrote to memory of 2040  1940  rundll32.exe  rundll32.exe
  PID 1940 wrote to memory of 2040  1940  rundll32.exe  rundll32.exe
  PID 1940 wrote to memory of 2040  1940  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\12108d5a8e0e5567400e3bfed061aef2dd77961afb49683ced1f4105da1dc530.dll,#12⤵