Analysis
- max time kernel: 3s
- max time network: 8s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 18-05-2021 10:01
Static task: static1
Behavioral task: behavioral1
Sample: ae631723a338ffec7abec6d649a0705b6cdd01708715fb1952405cb7753008a4.dll
Resource: win7v20210410 windows7_x64
0 signatures
0 seconds
General
- Target: ae631723a338ffec7abec6d649a0705b6cdd01708715fb1952405cb7753008a4.dll
- Size: 444KB
- MD5: ffeb04ef1e9af02d911c1570ed85228c
- SHA1: c9d63edf928c71233f2e308ea85b173fd8b82f5d
- SHA256: ae631723a338ffec7abec6d649a0705b6cdd01708715fb1952405cb7753008a4
- SHA512: 46e547d908e32e4bcb6c11057167ba76a980651baa31da027c8760d19c5441e7627371b2caf25f96d2af56915318efb9b085b628f7d2ae8743a2ed430c01b531
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1084 wrote to memory of 1276 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1276 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1276 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1276 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1276 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1276 | 1084 | rundll32.exe | rundll32.exe
PID 1084 wrote to memory of 1276 | 1084 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae631723a338ffec7abec6d649a0705b6cdd01708715fb1952405cb7753008a4.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae631723a338ffec7abec6d649a0705b6cdd01708715fb1952405cb7753008a4.dll,#12