Analysis
- max time kernel: 122s
- max time network: 121s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 18-05-2021 12:34
Static task: static1
Behavioral task: behavioral1
- Sample: ecb4d6d28f1df593fc832cb107e3d491cdeba72fecd83ef4685a1f07756023cf.dll
- Resource: win7v20210410 windows7_x64
- 0 signatures
- 0 seconds
General
- Target: ecb4d6d28f1df593fc832cb107e3d491cdeba72fecd83ef4685a1f07756023cf.dll
- Size: 435KB
- MD5: 57b23b00c1692c6b0b63fe744c12bcf0
- SHA1: 4bb0fc1eff139cf9a69afd176a341795cc212031
- SHA256: ecb4d6d28f1df593fc832cb107e3d491cdeba72fecd83ef4685a1f07756023cf
- SHA512: faf78314b1713951fd7824ddf55aea70d88622868ae5503f536460e6f37375b518f734b09be005719714ccf6b3079e4a1b92d4ba817264c88c37964b4d882e37
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1640 wrote to memory of 1180 | 1640 | rundll32.exe | rundll32.exe
  PID 1640 wrote to memory of 1180 | 1640 | rundll32.exe | rundll32.exe
  PID 1640 wrote to memory of 1180 | 1640 | rundll32.exe | rundll32.exe
  PID 1640 wrote to memory of 1180 | 1640 | rundll32.exe | rundll32.exe
  PID 1640 wrote to memory of 1180 | 1640 | rundll32.exe | rundll32.exe
  PID 1640 wrote to memory of 1180 | 1640 | rundll32.exe | rundll32.exe
  PID 1640 wrote to memory of 1180 | 1640 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecb4d6d28f1df593fc832cb107e3d491cdeba72fecd83ef4685a1f07756023cf.dll,#1
  Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecb4d6d28f1df593fc832cb107e3d491cdeba72fecd83ef4685a1f07756023cf.dll,#1