Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 13-05-2021 01:53

Static task: static1
Behavioral task: behavioral1
Sample: bda6ac7ef7a1bab0e62f6fc917528670c51ea52310a9be7fd49e3ecf60d1ed2b.dll
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
- Target: bda6ac7ef7a1bab0e62f6fc917528670c51ea52310a9be7fd49e3ecf60d1ed2b.dll
- Size: 525KB
- MD5: bdf558d14f723c5a8917de55e031bd61
- SHA1: 4155c69e473610f9f62159a84a7df55282a3ae65
- SHA256: bda6ac7ef7a1bab0e62f6fc917528670c51ea52310a9be7fd49e3ecf60d1ed2b
- SHA512: e13996ad91e8f375b5686b856023d38b4ef82b0fc199b86d0cc83b78754c520eaea1b51f19654514c4716721061f61986fa26b4334d979ff09f1307ce0f64f45
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  description                       | pid | process      | target process
  ----------------------------------|-----|--------------|---------------
  PID 788 wrote to memory of 2008   | 788 | rundll32.exe | rundll32.exe
  PID 788 wrote to memory of 2008   | 788 | rundll32.exe | rundll32.exe
  PID 788 wrote to memory of 2008   | 788 | rundll32.exe | rundll32.exe
  PID 788 wrote to memory of 2008   | 788 | rundll32.exe | rundll32.exe
  PID 788 wrote to memory of 2008   | 788 | rundll32.exe | rundll32.exe
  PID 788 wrote to memory of 2008   | 788 | rundll32.exe | rundll32.exe
  PID 788 wrote to memory of 2008   | 788 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bda6ac7ef7a1bab0e62f6fc917528670c51ea52310a9be7fd49e3ecf60d1ed2b.dll,#1
  PID: 788
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bda6ac7ef7a1bab0e62f6fc917528670c51ea52310a9be7fd49e3ecf60d1ed2b.dll,#1
    PID: 2008