Analysis
- max time kernel: 5s
- max time network: 11s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 08-04-2021 08:02
Static task: static1
Behavioral task: behavioral1
- Sample: c1c6e422f9ffc4da10928229be0f49c0.dll
- Resource: win7v20201028, windows7_x64
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: c1c6e422f9ffc4da10928229be0f49c0.dll
- Resource: win10v20201028, windows10_x64
- 0 signatures, 0 seconds
General
- Target: c1c6e422f9ffc4da10928229be0f49c0.dll
- Size: 128KB
- MD5: c1c6e422f9ffc4da10928229be0f49c0
- SHA1: 7604e58ff90d4096ae24f40550d9dee76995ca02
- SHA256: cd9faa5dd13494bedf249395430e81f48325403403b59f319f36876c10170103
- SHA512: af239504abb8b77f4a2023eb224e68766f06a7a932549b45ad8088418db5fbfa05d383bf35b3800d47fae57a2d276485f51da23c19f2bce3a71035bb1116c686
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1084 wrote to memory of 1984 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1984 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1984 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1984 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1984 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1984 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1984 | 1084 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1c6e422f9ffc4da10928229be0f49c0.dll,#11⤵
- Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1c6e422f9ffc4da10928229be0f49c0.dll,#12⤵