Analysis
- max time kernel: 122s
- max time network: 125s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 16-05-2021 04:34
Static task: static1
Behavioral task: behavioral1
Sample: 9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9.dll
Resource: win7v20210410, windows7_x64
0 signatures
0 seconds
General
- Target: 9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9.dll
- Size: 1.2MB
- MD5: 6e6e3a07a0ed94b196976ba37a073c80
- SHA1: 9f61308e4636711eb317f622b5e596e972857a33
- SHA256: 9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9
- SHA512: e5645e67823b64dd2e45e00e2ecf2bed5ff1bd5469dd25538744e22ad9d0dc4f2d80ee01d8d5deb6aa31cc02736f944c2ed47f787f96580b6423fce016674f01
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description                        pid    process        target process
  PID 1640 wrote to memory of 2040   1640   rundll32.exe   rundll32.exe
  PID 1640 wrote to memory of 2040   1640   rundll32.exe   rundll32.exe
  PID 1640 wrote to memory of 2040   1640   rundll32.exe   rundll32.exe
  PID 1640 wrote to memory of 2040   1640   rundll32.exe   rundll32.exe
  PID 1640 wrote to memory of 2040   1640   rundll32.exe   rundll32.exe
  PID 1640 wrote to memory of 2040   1640   rundll32.exe   rundll32.exe
  PID 1640 wrote to memory of 2040   1640   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f948ac0dd82ec3d09e69cb664f15792a9967760c97ff9d59242edc13b348db9.dll,#1