Analysis
- max time kernel: 3s
- max time network: 39s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 18-05-2021 13:11
Static task: static1
Behavioral task: behavioral1
- Sample: 3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258.dll
- Resource: win7v20210408 windows7_x64
- 0 signatures
- 0 seconds
General
- Target: 3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258.dll
- Size: 436KB
- MD5: 3b33ad6fbc372432ac241106c967501a
- SHA1: e6d14daf269e1c979e5dfe59eb74bd6b9e46d17c
- SHA256: 3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258
- SHA512: f7c601909555ab88899c6c847bf9887316aec852e4088d92a114e3005f0f7fd73e72cb2ee316dc1fdbd46e810bf70f95fb273344761b3a5eb4cb02294a836061
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1204 wrote to memory of 836 | 1204 | rundll32.exe | rundll32.exe
  (this row appears 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e03f863a3e50377028438fc791a1918dfeed6fa904cba817131355d87b0f258.dll,#1