Analysis
- max time kernel: 53s
- max time network: 52s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:38
Static task: static1
Behavioral task: behavioral1
Sample: 672fc5a14cc12211d414b79af4e068bacd981e67d94a0d897e24080cb2819ad8.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
- Target: 672fc5a14cc12211d414b79af4e068bacd981e67d94a0d897e24080cb2819ad8.dll
- Size: 184KB
- MD5: 267d408d2b1225770e4048385935cdc2
- SHA1: f81305adfc6e8aef37e5cde14976be709570502f
- SHA256: 672fc5a14cc12211d414b79af4e068bacd981e67d94a0d897e24080cb2819ad8
- SHA512: b41d57a0a2144dfd872e59a87c58a0d7b152ab47348e702ee186bb0e06b900e6772be8ed7bdf209d3e8af89668ee2d27d5f0a2b17607358d81a9e77cfcb9f48e
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1040 wrote to memory of 1780 | 1040 | rundll32.exe | rundll32.exe
PID 1040 wrote to memory of 1780 | 1040 | rundll32.exe | rundll32.exe
PID 1040 wrote to memory of 1780 | 1040 | rundll32.exe | rundll32.exe
PID 1040 wrote to memory of 1780 | 1040 | rundll32.exe | rundll32.exe
PID 1040 wrote to memory of 1780 | 1040 | rundll32.exe | rundll32.exe
PID 1040 wrote to memory of 1780 | 1040 | rundll32.exe | rundll32.exe
PID 1040 wrote to memory of 1780 | 1040 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\672fc5a14cc12211d414b79af4e068bacd981e67d94a0d897e24080cb2819ad8.dll,#11
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\672fc5a14cc12211d414b79af4e068bacd981e67d94a0d897e24080cb2819ad8.dll,#12