Analysis
max time kernel
114s
max time network
114s
platform
windows7_x64
resource
win7v20210410
submitted
18-05-2021 11:23
Static task
static1
Behavioral task
behavioral1
Sample
27afd94ecea791c80b11c939222a17f82046a1cf4bc2520e5df38f198e1e1b07.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
Target
27afd94ecea791c80b11c939222a17f82046a1cf4bc2520e5df38f198e1e1b07.dll
Size
677KB
MD5
45dfe2c5e98d7d5739eeaab796443955
SHA1
a29abdf5bcc6f5e3287e1ce73e60292cd2a92d51
SHA256
27afd94ecea791c80b11c939222a17f82046a1cf4bc2520e5df38f198e1e1b07
SHA512
c56ff516ec3052933a9b05fbf5053ab21025068ed96fd11c015451791bcc49e4b84eb463a1df80246750a639d19ae3ee22dae05746fdcd41f6b6bab6423ab7d3
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 1816 wrote to memory of 1844 | 1816 | rundll32.exe | rundll32.exe
PID 1816 wrote to memory of 1844 | 1816 | rundll32.exe | rundll32.exe
PID 1816 wrote to memory of 1844 | 1816 | rundll32.exe | rundll32.exe
PID 1816 wrote to memory of 1844 | 1816 | rundll32.exe | rundll32.exe
PID 1816 wrote to memory of 1844 | 1816 | rundll32.exe | rundll32.exe
PID 1816 wrote to memory of 1844 | 1816 | rundll32.exe | rundll32.exe
PID 1816 wrote to memory of 1844 | 1816 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27afd94ecea791c80b11c939222a17f82046a1cf4bc2520e5df38f198e1e1b07.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27afd94ecea791c80b11c939222a17f82046a1cf4bc2520e5df38f198e1e1b07.dll,#12