Analysis
max time kernel: 3s
max time network: 8s
platform: windows7_x64
resource: win7v20201028
submitted: 23-02-2021 12:42
Static task
static1
Behavioral task
behavioral1
Sample
5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: 5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1.dll
Size: 236KB
MD5: 1d10764dc5d7ef6779d7de0260586848
SHA1: 844da9292729969d262fdacd3f326e86e1bcec46
SHA256: 5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1
SHA512: 9613784d489291fc26991d0a86edb99b4241eff6d246dc0e5aa12b1868d8879ecea1fe839e4860764e7149fd285e269595113ea5aa53a9a3e432794f6fab3cbf
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 792 wrote to memory of 2004 | 792 | rundll32.exe | rundll32.exe
PID 792 wrote to memory of 2004 | 792 | rundll32.exe | rundll32.exe
PID 792 wrote to memory of 2004 | 792 | rundll32.exe | rundll32.exe
PID 792 wrote to memory of 2004 | 792 | rundll32.exe | rundll32.exe
PID 792 wrote to memory of 2004 | 792 | rundll32.exe | rundll32.exe
PID 792 wrote to memory of 2004 | 792 | rundll32.exe | rundll32.exe
PID 792 wrote to memory of 2004 | 792 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f6a9a44da8044f5babb0467bd6a92467b5d2b83cf99b2d6ce4c023f07fa6de1.dll,#12