Analysis
max time kernel: 2s
max time network: 43s
platform: windows7_x64
resource: win7v20210408
submitted: 18-05-2021 12:03
Static task
static1
Behavioral task
behavioral1
Sample
f06c3981baa23da5ae31e30e3de8286d32494edff3a3870803585857b8c56929.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
Target: f06c3981baa23da5ae31e30e3de8286d32494edff3a3870803585857b8c56929.dll
Size: 451KB
MD5: 8698dd3ce1311419353e586c4b7e74c8
SHA1: 39cc9576cc8661e12735f81f53dc951f98ce693c
SHA256: f06c3981baa23da5ae31e30e3de8286d32494edff3a3870803585857b8c56929
SHA512: d82007171959b273454c291a21f016527be7eb96a894f8b4168e73bcb980d84fa7c0bf2657a72a6e3ff185cf178cdb794417bd2e3d604dab45579df1aca8e78c
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1900 wrote to memory of 1096 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1096 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1096 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1096 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1096 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1096 | 1900 | rundll32.exe | rundll32.exe
PID 1900 wrote to memory of 1096 | 1900 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f06c3981baa23da5ae31e30e3de8286d32494edff3a3870803585857b8c56929.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f06c3981baa23da5ae31e30e3de8286d32494edff3a3870803585857b8c56929.dll,#12⤵