Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
23-02-2021 12:38
Static task
static1
Behavioral task
behavioral1
Sample
b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7.dll
-
Size
184KB
-
MD5
a0db8e6f654e6cf12ad424771ff55814
-
SHA1
db4c77c79bed908b5e42a8f766df895cfa862b2f
-
SHA256
b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7
-
SHA512
cfea917560f5dbb076f18590006bcbfa76cacec1132d051ca35a404c3f8d7daedc7f7ae075d0ccf88ba68469b7417867ab9c0e4954ae455458f201f74c11bd3e
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1864 wrote to memory of 1216 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1216 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1216 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1216 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1216 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1216 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1216 | 1864 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4b367dd3b9e4a0ad65fd38d50dd5e7925e7320c45477d5e5cb7f418d96e12a7.dll,#12