Analysis
- max time kernel: 3s
- max time network: 46s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 18-05-2021 09:41
Static task: static1
Behavioral task: behavioral1
- Sample: 9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12.dll
- Resource: win7v20210408, windows7_x64
- 0 signatures, 0 seconds
General
- Target: 9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12.dll
- Size: 1008KB
- MD5: 19c55abeba7ddb4c86040fc8edbe5bcb
- SHA1: 423ed985869c91806cc3d7c3d3696c856b0bc92b
- SHA256: 9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12
- SHA512: 18f98a32a71f077c225efd9391a3acc871bbad644bc004fde1fe1774e4e01e722d9785dc651754fcafa8f4b0e8052e3d1b10a43a7bb54f41286c05deff799a50
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1940 wrote to memory of 1100 | 1940 | rundll32.exe | rundll32.exe |
| PID 1940 wrote to memory of 1100 | 1940 | rundll32.exe | rundll32.exe |
| PID 1940 wrote to memory of 1100 | 1940 | rundll32.exe | rundll32.exe |
| PID 1940 wrote to memory of 1100 | 1940 | rundll32.exe | rundll32.exe |
| PID 1940 wrote to memory of 1100 | 1940 | rundll32.exe | rundll32.exe |
| PID 1940 wrote to memory of 1100 | 1940 | rundll32.exe | rundll32.exe |
| PID 1940 wrote to memory of 1100 | 1940 | rundll32.exe | rundll32.exe |

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e57821d1fa121a27b4501cc858ad3721d939b4f3a30220efadd97d8cb212d12.dll,#1