Analysis
- max time kernel: 0s
- max time network: 55s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 18-05-2021 12:43
Static task
static1
Behavioral task
behavioral1
Sample
a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
- Target: a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll
- Size: 1002KB
- MD5: 3dfa424e87ef1785685fd60f77403568
- SHA1: 5e7907151feafab5674b68c352eb607799de3302
- SHA256: a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf
- SHA512: 471a83da4f42f224cc3ceb5b95bb9bdc934ecee5f2e715dae3313aaf4ad58a864082e603da0af0b6c20c749bcaa963b05fc6dc368df4b392a81ecc9f40cf4ada
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1992 wrote to memory of 1656 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 1656 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 1656 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 1656 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 1656 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 1656 | 1992 | rundll32.exe | rundll32.exe
  PID 1992 wrote to memory of 1656 | 1992 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a57f21da2785014c9bafb6101c1d5a4c30404a4e8f0471610400374f4456cfbf.dll,#12