Analysis
- max time kernel: 4s
- max time network: 9s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:39
Static task
static1
Behavioral task
behavioral1
Sample
21dd54f0c00482b312374fb06e38686b519aa235a9f97de4d3df01039cb1df60.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: 21dd54f0c00482b312374fb06e38686b519aa235a9f97de4d3df01039cb1df60.dll
- Size: 184KB
- MD5: 589272522ce380ce8b22d3f85e34200e
- SHA1: 25230760429e4630ab478efe9843a7e758d56588
- SHA256: 21dd54f0c00482b312374fb06e38686b519aa235a9f97de4d3df01039cb1df60
- SHA512: 5d7512684be5b6a8c4b4f198e4822f9a51c54c8ae3c8e5832105bc5a82836d429b2f6d5bea49c4d027101c1b5510affb9683f30cf7572bac73eb12b88327d83b
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1056 wrote to memory of 2000 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2000 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2000 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2000 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2000 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2000 | 1056 | rundll32.exe | rundll32.exe
PID 1056 wrote to memory of 2000 | 1056 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21dd54f0c00482b312374fb06e38686b519aa235a9f97de4d3df01039cb1df60.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21dd54f0c00482b312374fb06e38686b519aa235a9f97de4d3df01039cb1df60.dll,#12