Analysis
max time kernel: 4s
max time network: 11s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:38
Static task: static1
Behavioral task: behavioral1
Sample: 34c15356ca0483930ee72707b555906d9d38f8ef1538549dbba956e49064cd4d.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
Target: 34c15356ca0483930ee72707b555906d9d38f8ef1538549dbba956e49064cd4d.dll
Size: 184KB
MD5: fdc36f25bd1f09d6ac2c4bef3ae618a0
SHA1: 22c0a94835be62ba0d63ad0771bcd3bfa0d24128
SHA256: 34c15356ca0483930ee72707b555906d9d38f8ef1538549dbba956e49064cd4d
SHA512: a236100b5e0ecbcde42700e6a46382fa02cef4237473778e57f253b1d9ad7585b2f9654dff0bd8f553a43dba6b85c288db1c434739749f175b05432ae072c310
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process        target process
PID 1832 wrote to memory of 1100   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1100   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1100   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1100   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1100   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1100   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1100   1832   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\34c15356ca0483930ee72707b555906d9d38f8ef1538549dbba956e49064cd4d.dll,#11
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\34c15356ca0483930ee72707b555906d9d38f8ef1538549dbba956e49064cd4d.dll,#12