Analysis
- max time kernel: 2s
- max time network: 9s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 23-02-2021 12:41
Static task
static1
Behavioral task
behavioral1
Sample
f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
- Target: f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1.dll
- Size: 236KB
- MD5: c4f48e25bb35b84ff558d8142bde78ff
- SHA1: 22d702d5d2a28416b364f42ee1bf3dc6392a46a2
- SHA256: f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1
- SHA512: 8229a94424dd728f922e2e75b4db26efa6530a3a297c113602fdf6398f91a853c21a9566f12dd4fc0171372842ee2faed54be6db4738e5b6bdc7fd3f7338e936
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1636 wrote to memory of 1144 | 1636 | rundll32.exe | rundll32.exe |
| PID 1636 wrote to memory of 1144 | 1636 | rundll32.exe | rundll32.exe |
| PID 1636 wrote to memory of 1144 | 1636 | rundll32.exe | rundll32.exe |
| PID 1636 wrote to memory of 1144 | 1636 | rundll32.exe | rundll32.exe |
| PID 1636 wrote to memory of 1144 | 1636 | rundll32.exe | rundll32.exe |
| PID 1636 wrote to memory of 1144 | 1636 | rundll32.exe | rundll32.exe |
| PID 1636 wrote to memory of 1144 | 1636 | rundll32.exe | rundll32.exe |
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0c14a1a0525577bbc3c75e57003ddb6ec7b776f5eb06e03eb30036576ae56a1.dll,#12