Analysis
max time kernel: 2s
max time network: 8s
platform: windows7_x64
resource: win7v20201028
submitted: 31-03-2021 08:17
Behavioral task
behavioral1
Sample
a353dfb1b5eb69808244356cf9a784181c53eea2cb3f254749fa19c307c30cfc.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
a353dfb1b5eb69808244356cf9a784181c53eea2cb3f254749fa19c307c30cfc.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
Target: a353dfb1b5eb69808244356cf9a784181c53eea2cb3f254749fa19c307c30cfc.dll
Size: 68KB
MD5: 08872d5cfea82b5e0ccbea0392013acc
SHA1: fff6a5844df8e60213214fbbe687e86fd2d34a93
SHA256: a353dfb1b5eb69808244356cf9a784181c53eea2cb3f254749fa19c307c30cfc
SHA512: 34232c94f92f491f0ee73717a4ca4df339adc74ff0bf2b1e7fe24d4f4ba015dba7f91b03c2becfa196d32967d0ab204086a894b26d43f251a96cbbe1563b8ede
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1832 wrote to memory of 1912 | 1832 | rundll32.exe | 20
PID 1832 wrote to memory of 1912 | 1832 | rundll32.exe | 20
PID 1832 wrote to memory of 1912 | 1832 | rundll32.exe | 20
PID 1832 wrote to memory of 1912 | 1832 | rundll32.exe | 20
PID 1832 wrote to memory of 1912 | 1832 | rundll32.exe | 20
PID 1832 wrote to memory of 1912 | 1832 | rundll32.exe | 20
PID 1832 wrote to memory of 1912 | 1832 | rundll32.exe | 20
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a353dfb1b5eb69808244356cf9a784181c53eea2cb3f254749fa19c307c30cfc.dll,#11
- Suspicious use of WriteProcessMemory
PID:1832
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a353dfb1b5eb69808244356cf9a784181c53eea2cb3f254749fa19c307c30cfc.dll,#12
PID:1912