Analysis
max time kernel: 3s
max time network: 15s
platform: windows7_x64
resource: win7v20210410
submitted: 18-05-2021 13:06
Static task: static1
Behavioral task: behavioral1
Sample: 5a35bf1d962346e81010882426312f0fe8ff9ab768296b3d5a9e05d7713eafe6.dll
Resource: win7v20210410, windows7_x64
0 signatures
0 seconds
General
Target: 5a35bf1d962346e81010882426312f0fe8ff9ab768296b3d5a9e05d7713eafe6.dll
Size: 450KB
MD5: 406cd67ac18f82e17c4c6a47597081e9
SHA1: 7ecab869c6bdb6566feb415d575efc255d52c570
SHA256: 5a35bf1d962346e81010882426312f0fe8ff9ab768296b3d5a9e05d7713eafe6
SHA512: 7c598ecb02c42e39e2365c2e2daf92179ffb7e3f83ba342937700cfd3279c4b9a8657972141b64c7eb4eb447a079f998b1f4856f6bf775ff10e6c3065a57fd59
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1420 wrote to memory of 1388 | 1420 | rundll32.exe | rundll32.exe
PID 1420 wrote to memory of 1388 | 1420 | rundll32.exe | rundll32.exe
PID 1420 wrote to memory of 1388 | 1420 | rundll32.exe | rundll32.exe
PID 1420 wrote to memory of 1388 | 1420 | rundll32.exe | rundll32.exe
PID 1420 wrote to memory of 1388 | 1420 | rundll32.exe | rundll32.exe
PID 1420 wrote to memory of 1388 | 1420 | rundll32.exe | rundll32.exe
PID 1420 wrote to memory of 1388 | 1420 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a35bf1d962346e81010882426312f0fe8ff9ab768296b3d5a9e05d7713eafe6.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a35bf1d962346e81010882426312f0fe8ff9ab768296b3d5a9e05d7713eafe6.dll,#12