Analysis
- max time kernel: 3s
- max time network: 15s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 18-05-2021 11:38

Static task: static1
Behavioral task: behavioral1
Sample: e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3.dll
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
- Target: e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3.dll
- Size: 948KB
- MD5: 7240a8948ec57f99eaaf0f1f8a0fdbe1
- SHA1: 1ba980e50f65d71080e23bac41fc2eb717139b20
- SHA256: e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3
- SHA512: aba527446015c6846a38ddd262e2f0183034b67dd6341c57f468551ad25bdf6c5044b940e6ac5ad6b63ae521d21e44553aa702016f77c60668f9e60c6fa6e62f
Malware Config

Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description                        pid   process        target process
  PID 336 wrote to memory of 1096    336   rundll32.exe   rundll32.exe
  PID 336 wrote to memory of 1096    336   rundll32.exe   rundll32.exe
  PID 336 wrote to memory of 1096    336   rundll32.exe   rundll32.exe
  PID 336 wrote to memory of 1096    336   rundll32.exe   rundll32.exe
  PID 336 wrote to memory of 1096    336   rundll32.exe   rundll32.exe
  PID 336 wrote to memory of 1096    336   rundll32.exe   rundll32.exe
  PID 336 wrote to memory of 1096    336   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9b1b871c7ee047bab8a2d03d832a1ed035b101cacd8eecece205f66fc659ac3.dll,#1