Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7v20210408
submitted: 18-05-2021 10:03
Static task: static1
Behavioral task: behavioral1
Sample: a89c3593daee8f32712f600f18369b61263db7661b7848e9adfe08174310e0ad.dll
Resource: win7v20210408 (windows7_x64)
0 signatures
0 seconds
General
Target: a89c3593daee8f32712f600f18369b61263db7661b7848e9adfe08174310e0ad.dll
Size: 726KB
MD5: 7b30700b4b44885d7440c47016447384
SHA1: 781064ce6af4d9ccbaf1263ceb2fb0fbaeacc44a
SHA256: a89c3593daee8f32712f600f18369b61263db7661b7848e9adfe08174310e0ad
SHA512: 4ba9c996c192a7b171b1c0a8f970bbf313c3525f62e1a6c4cbc45c95390f4572a4d347aa1fd4953f323c01443baa684d6bba33b2cf77ca2f5ba2245fa94877fd
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1948 wrote to memory of 1132 | 1948 | rundll32.exe | rundll32.exe |
| PID 1948 wrote to memory of 1132 | 1948 | rundll32.exe | rundll32.exe |
| PID 1948 wrote to memory of 1132 | 1948 | rundll32.exe | rundll32.exe |
| PID 1948 wrote to memory of 1132 | 1948 | rundll32.exe | rundll32.exe |
| PID 1948 wrote to memory of 1132 | 1948 | rundll32.exe | rundll32.exe |
| PID 1948 wrote to memory of 1132 | 1948 | rundll32.exe | rundll32.exe |
| PID 1948 wrote to memory of 1132 | 1948 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a89c3593daee8f32712f600f18369b61263db7661b7848e9adfe08174310e0ad.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a89c3593daee8f32712f600f18369b61263db7661b7848e9adfe08174310e0ad.dll,#1