Analysis
- max time kernel: 3s
- max time network: 11s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 13-05-2021 01:49
Static task: static1
Behavioral task: behavioral1
- Sample: 185c8c30d07b25f9a74e9b9f4c12b86cda0a6325a52fbe6204d4d7d8a0b548b9.dll
- Resource: win7v20210410 windows7_x64
General
- Target: 185c8c30d07b25f9a74e9b9f4c12b86cda0a6325a52fbe6204d4d7d8a0b548b9.dll
- Size: 732KB
- MD5: fcf6c48517a1c5674c2f6e19be5a42b6
- SHA1: 30e6581def4a7a2047e36621a31972e437bf0402
- SHA256: 185c8c30d07b25f9a74e9b9f4c12b86cda0a6325a52fbe6204d4d7d8a0b548b9
- SHA512: 3b2303b55510d515d0831371e6979ab3cfb455fd8a18a3a0b2e4d5b27a2fb5e7156328dcd92691f1396be8799cc01f7e220b542d2d29fe8de02573160a286ed0
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1084 wrote to memory of 1196 | 1084 | rundll32.exe | rundll32.exe |
| PID 1084 wrote to memory of 1196 | 1084 | rundll32.exe | rundll32.exe |
| PID 1084 wrote to memory of 1196 | 1084 | rundll32.exe | rundll32.exe |
| PID 1084 wrote to memory of 1196 | 1084 | rundll32.exe | rundll32.exe |
| PID 1084 wrote to memory of 1196 | 1084 | rundll32.exe | rundll32.exe |
| PID 1084 wrote to memory of 1196 | 1084 | rundll32.exe | rundll32.exe |
| PID 1084 wrote to memory of 1196 | 1084 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\185c8c30d07b25f9a74e9b9f4c12b86cda0a6325a52fbe6204d4d7d8a0b548b9.dll,#1
  PID: 1084
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\185c8c30d07b25f9a74e9b9f4c12b86cda0a6325a52fbe6204d4d7d8a0b548b9.dll,#1
    PID: 1196