Analysis
- max time kernel: 11s
- max time network: 13s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 06-05-2021 16:14
Static task: static1

Behavioral task: behavioral1
- Sample: Intelx6.hl.exe
- Resource: win10v20210410
- Platform: windows10_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: Intelx6.dll
- Resource: win10v20210408
- Platform: windows10_x64
- 0 signatures
- 0 seconds
General
- Target: Intelx6.dll
- Size: 497KB
- MD5: a1be68f700288e8e145808c9e8f73600
- SHA1: a4f0283ba02978d64df096339569359465abdaaf
- SHA256: 6b35069995b3e8bd6daa635779226f199a7c3a7114ea56e5bfa7660d0d706f9e
- SHA512: 12a35031ea1b70490516e6eae3bf19793be3f63bdd9fa4798072de1dc92170eaea042b73b8d341e0ec068af956f6fcc22a5e3e207dacf0b881eeb8e166182af6

Score: 5/10
Malware Config
Signatures
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
  Processes: rundll32.exe
  - pid: 1604, process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  - description: PID 708 wrote to memory of 1604, pid: 708, process: rundll32.exe, target process: rundll32.exe
  - description: PID 708 wrote to memory of 1604, pid: 708, process: rundll32.exe, target process: rundll32.exe
  - description: PID 708 wrote to memory of 1604, pid: 708, process: rundll32.exe, target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Intelx6.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Intelx6.dll,#1
    - Suspicious use of NtSetInformationThreadHideFromDebugger