Analysis
- max time kernel: 2s
- max time network: 10s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:38
Static task: static1
Behavioral task: behavioral1
Sample: 247990eb21ecb960466dd9fd563f2eeee3e1a8e4d2950f02c84f2878d2ecc3a3.dll
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds
General
- Target: 247990eb21ecb960466dd9fd563f2eeee3e1a8e4d2950f02c84f2878d2ecc3a3.dll
- Size: 184KB
- MD5: a6c77748fa1656c4d185a1d074394eb0
- SHA1: 3004a2a9bf1975a31dd880470ba46de32862fb44
- SHA256: 247990eb21ecb960466dd9fd563f2eeee3e1a8e4d2950f02c84f2878d2ecc3a3
- SHA512: cd0b3c21b3e57eb81286dcace300330f0bc995753e4d81fa7f4fde6746109eef5aaef2477b376135a9b404527773ec9ff98198f9fb9559f38f56a75f5cea5b64
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 776 wrote to memory of 1948 | 776 | rundll32.exe | rundll32.exe
PID 776 wrote to memory of 1948 | 776 | rundll32.exe | rundll32.exe
PID 776 wrote to memory of 1948 | 776 | rundll32.exe | rundll32.exe
PID 776 wrote to memory of 1948 | 776 | rundll32.exe | rundll32.exe
PID 776 wrote to memory of 1948 | 776 | rundll32.exe | rundll32.exe
PID 776 wrote to memory of 1948 | 776 | rundll32.exe | rundll32.exe
PID 776 wrote to memory of 1948 | 776 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\247990eb21ecb960466dd9fd563f2eeee3e1a8e4d2950f02c84f2878d2ecc3a3.dll,#11
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\247990eb21ecb960466dd9fd563f2eeee3e1a8e4d2950f02c84f2878d2ecc3a3.dll,#12