Analysis
- max time kernel: 5s
- max time network: 8s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 13-05-2021 12:57
Static task
static1

Behavioral task
behavioral1
Sample: 35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6.dll
Resource: win7v20210410, windows7_x64
0 signatures
0 seconds

Behavioral task
behavioral2
Sample: 35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6.dll
Resource: win10v20210410, windows10_x64
0 signatures
0 seconds
General
- Target: 35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6.dll
- Size: 177KB
- MD5: 9df0a05a986b18d2f2c82f4d1e9293ae
- SHA1: 3c4927659ccd631a82e31afe0f667834e8e2987a
- SHA256: 35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6
- SHA512: 5263dbe6a7ea33fe03a1d443842085636d8466363b06f2970d524bec10a19b48536526dc8b6b4b3897cae69ddc5f1e852aaf5ea077217ec8e75fb0f3681ef89a

Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1996 wrote to memory of 2044 | 1996 | rundll32.exe | rundll32.exe
PID 1996 wrote to memory of 2044 | 1996 | rundll32.exe | rundll32.exe
PID 1996 wrote to memory of 2044 | 1996 | rundll32.exe | rundll32.exe
PID 1996 wrote to memory of 2044 | 1996 | rundll32.exe | rundll32.exe
PID 1996 wrote to memory of 2044 | 1996 | rundll32.exe | rundll32.exe
PID 1996 wrote to memory of 2044 | 1996 | rundll32.exe | rundll32.exe
PID 1996 wrote to memory of 2044 | 1996 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6.dll,#11⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35b2901c794e754022cd2e081f649e917764ba8ed6ad472a4b2eb4477a689bf6.dll,#12⤵