Analysis
- max time kernel: 4s
- max time network: 8s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 18-05-2021 11:10
Static task: static1
Behavioral task: behavioral1
Sample: c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef.dll
Resource: win7v20210410 (windows7_x64)
0 signatures
0 seconds
General
- Target: c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef.dll
- Size: 454KB
- MD5: 50259c1b67b3ffd1486e4b6c0163efcd
- SHA1: 46695ecedd48e987e563e18e865d9501bddeaf95
- SHA256: c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef
- SHA512: 7933955a8acdd33f4df42aa28d7acb858ecac84d9d8629a07be67cc3174cb0aa053956dde985c1460cfebf5f6ec168618be0e4aa5507ada5ee2cf1913188ded7
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  description                     | pid | process      | target process
  PID 452 wrote to memory of 2020 | 452 | rundll32.exe | rundll32.exe
  PID 452 wrote to memory of 2020 | 452 | rundll32.exe | rundll32.exe
  PID 452 wrote to memory of 2020 | 452 | rundll32.exe | rundll32.exe
  PID 452 wrote to memory of 2020 | 452 | rundll32.exe | rundll32.exe
  PID 452 wrote to memory of 2020 | 452 | rundll32.exe | rundll32.exe
  PID 452 wrote to memory of 2020 | 452 | rundll32.exe | rundll32.exe
  PID 452 wrote to memory of 2020 | 452 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c822a4ce6bbad6d9e3f25777f8b4a46bc263da91771f27d5c8310269676440ef.dll,#12