Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7v20210410
submitted: 18-05-2021 10:46
Static task
static1
Behavioral task
behavioral1
Sample
946757b2158eae8c8fa8ba35686a2c07788aa23f455939d7b61e99828a107301.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
Target: 946757b2158eae8c8fa8ba35686a2c07788aa23f455939d7b61e99828a107301.dll
Size: 1020KB
MD5: a1ef974d3255e7d0775690112342aeee
SHA1: e1b7a5a498542faecea2cbb470ab682654d140c3
SHA256: 946757b2158eae8c8fa8ba35686a2c07788aa23f455939d7b61e99828a107301
SHA512: e7cf618f9a7871d6a8cea29a4d452a6d719d8572b0b53f61e2406dc856ddfd1b22ec42f58921b191d40c4f9b4436181cbb9ba1676cc8aa3f0365ffb97ecad2a8
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 788 wrote to memory of 2020 | 788 | rundll32.exe | rundll32.exe
PID 788 wrote to memory of 2020 | 788 | rundll32.exe | rundll32.exe
PID 788 wrote to memory of 2020 | 788 | rundll32.exe | rundll32.exe
PID 788 wrote to memory of 2020 | 788 | rundll32.exe | rundll32.exe
PID 788 wrote to memory of 2020 | 788 | rundll32.exe | rundll32.exe
PID 788 wrote to memory of 2020 | 788 | rundll32.exe | rundll32.exe
PID 788 wrote to memory of 2020 | 788 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\946757b2158eae8c8fa8ba35686a2c07788aa23f455939d7b61e99828a107301.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\946757b2158eae8c8fa8ba35686a2c07788aa23f455939d7b61e99828a107301.dll,#12⤵