Analysis
max time kernel: 135s
max time network: 150s
platform: windows7_x64
resource: win7v20210410
submitted: 18-05-2021 08:15
Static task
static1
Behavioral task
behavioral1
Sample
68fae87b4978daf59fe64141f984ec9161b541c73001f695cfb6d933e77a38ab.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
Target: 68fae87b4978daf59fe64141f984ec9161b541c73001f695cfb6d933e77a38ab.dll
Size: 783KB
MD5: 76e79f061bca8fa757ce0ad0ed93ce86
SHA1: b94b972ba85af85a987fe0648cf1c70716ae0c4a
SHA256: 68fae87b4978daf59fe64141f984ec9161b541c73001f695cfb6d933e77a38ab
SHA512: 07c5f77ff702806f59a4b799ff322dae794d7c2870e91911d548d6092278b388295c5c36334555c9895148723a791b822b1bd831770f126c32a0f7ff0812845d
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1864 wrote to memory of 1532 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1532 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1532 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1532 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1532 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1532 | 1864 | rundll32.exe | rundll32.exe
PID 1864 wrote to memory of 1532 | 1864 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68fae87b4978daf59fe64141f984ec9161b541c73001f695cfb6d933e77a38ab.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68fae87b4978daf59fe64141f984ec9161b541c73001f695cfb6d933e77a38ab.dll,#12