Analysis
- max time kernel: 3s
- max time network: 10s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:39
Static task: static1
Behavioral task: behavioral1
Sample: 470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23.dll
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds
General
- Target: 470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23.dll
- Size: 184KB
- MD5: 26afd03dc3a20ddd6e63a0f69d863bef
- SHA1: 994bb5df31011eb297b3e9fa2a6d4873aefc4b64
- SHA256: 470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23
- SHA512: 2d01cc0a3fb441c951b413d21a38b7433397ae329b28fe2e1282cfd4830679194930197532030c7d1f131b00c310ab274b9e79e6d3098d5eaa7cf9781b3e099d
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid   process        target process
PID 544 wrote to memory of 1876    544   rundll32.exe   rundll32.exe
PID 544 wrote to memory of 1876    544   rundll32.exe   rundll32.exe
PID 544 wrote to memory of 1876    544   rundll32.exe   rundll32.exe
PID 544 wrote to memory of 1876    544   rundll32.exe   rundll32.exe
PID 544 wrote to memory of 1876    544   rundll32.exe   rundll32.exe
PID 544 wrote to memory of 1876    544   rundll32.exe   rundll32.exe
PID 544 wrote to memory of 1876    544   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\470dc4e56a42293f7c637252006cf961f10e1d1daded14a3751efbe91397dc23.dll,#12