Analysis
- max time kernel: 3s
- max time network: 9s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:41
Static task: static1
Behavioral task: behavioral1
- Sample: a22b68872fb1e3f66c54888895296f576d9d190135f300fbbb309839d40d72e0.dll
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: a22b68872fb1e3f66c54888895296f576d9d190135f300fbbb309839d40d72e0.dll
- Size: 236KB
- MD5: 77d53d56c65d36213b1e9efec390fa60
- SHA1: 52aec395b4d7107eae1b3045b7b006e22e999a5b
- SHA256: a22b68872fb1e3f66c54888895296f576d9d190135f300fbbb309839d40d72e0
- SHA512: baa18d5785e4b35716c6ac3fc3a4cda90c18720cb5ddad885c8b2dd63c475345400b766ff175ec5da2780a7f462379e89bee868f6cd06e2920aaf923f75a8190
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1812 wrote to memory of 1340 | 1812 | rundll32.exe | rundll32.exe
PID 1812 wrote to memory of 1340 | 1812 | rundll32.exe | rundll32.exe
PID 1812 wrote to memory of 1340 | 1812 | rundll32.exe | rundll32.exe
PID 1812 wrote to memory of 1340 | 1812 | rundll32.exe | rundll32.exe
PID 1812 wrote to memory of 1340 | 1812 | rundll32.exe | rundll32.exe
PID 1812 wrote to memory of 1340 | 1812 | rundll32.exe | rundll32.exe
PID 1812 wrote to memory of 1340 | 1812 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a22b68872fb1e3f66c54888895296f576d9d190135f300fbbb309839d40d72e0.dll,#11⤵
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a22b68872fb1e3f66c54888895296f576d9d190135f300fbbb309839d40d72e0.dll,#12⤵