Analysis
- max time kernel: 119s
- max time network: 119s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 13-05-2021 02:02
Static task: static1
Behavioral task: behavioral1
Sample: 0d66f469f00e0fed3154faa00ef3b75e74a53811e192a11e461d13121a5c9602.dll
Resource: win7v20210410, windows7_x64
0 signatures
0 seconds
General
- Target: 0d66f469f00e0fed3154faa00ef3b75e74a53811e192a11e461d13121a5c9602.dll
- Size: 636KB
- MD5: 0c613a0c160d864adccf78edcc5a0239
- SHA1: 4e3150debd8f24c593aab99b0043673a7b1374ac
- SHA256: 0d66f469f00e0fed3154faa00ef3b75e74a53811e192a11e461d13121a5c9602
- SHA512: dd71f44b017cc8fcfcf7219318fb994cbef3f47f3d20d47d13d13826243bf497fc8b71b8ffe258968ddeb3053d5615f0ddd44f81f63ed8fa8962b27e697c300b
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1104 wrote to memory of 2000 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 2000 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 2000 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 2000 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 2000 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 2000 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 2000 | 1104 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d66f469f00e0fed3154faa00ef3b75e74a53811e192a11e461d13121a5c9602.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1104
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d66f469f00e0fed3154faa00ef3b75e74a53811e192a11e461d13121a5c9602.dll,#12⤵
    PID:2000