Analysis
- max time kernel: 41s
- max time network: 41s
- platform: windows7_x64
- resource: win7v20210410
- submitted: 18-05-2021 11:13
Static task
static1
Behavioral task
behavioral1
Sample
03bcdc7cde3039a71ed864ec79406605311861d51b7a7c7bf3578ac622d6874b.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
- Target: 03bcdc7cde3039a71ed864ec79406605311861d51b7a7c7bf3578ac622d6874b.dll
- Size: 678KB
- MD5: a6cc3059382dc049e763b54f46bc6a82
- SHA1: 9a99b5061b84f7a36d2ab4e88d724fd2af6c1bd0
- SHA256: 03bcdc7cde3039a71ed864ec79406605311861d51b7a7c7bf3578ac622d6874b
- SHA512: 8e19f6f66db6d52e83f0f44ef883c24a7d558a96edad467e5eb8d6c366dbce46438e0f2821a207c180f059b2aaa664c68cc43391527f4998ca1f50310f29c6ae
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1240 wrote to memory of 1056 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1056 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1056 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1056 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1056 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1056 | 1240 | rundll32.exe | rundll32.exe
PID 1240 wrote to memory of 1056 | 1240 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03bcdc7cde3039a71ed864ec79406605311861d51b7a7c7bf3578ac622d6874b.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03bcdc7cde3039a71ed864ec79406605311861d51b7a7c7bf3578ac622d6874b.dll,#12