Analysis
- max time kernel: 4s
- max time network: 42s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 18-05-2021 08:14
Static task: static1
Behavioral task: behavioral1
- Sample: 61bf91f08bce264cb513a8b99c050064bd2f6fbdd8e18f1a8d66ae94bdacfd04.dll
- Resource: win7v20210408 (windows7_x64)
- 0 signatures, 0 seconds
General
- Target: 61bf91f08bce264cb513a8b99c050064bd2f6fbdd8e18f1a8d66ae94bdacfd04.dll
- Size: 446KB
- MD5: b6512cd6641618fb0703ea17306a709c
- SHA1: 43dbf4dffb2c0b3309973c1ff314f3783692e2d6
- SHA256: 61bf91f08bce264cb513a8b99c050064bd2f6fbdd8e18f1a8d66ae94bdacfd04
- SHA512: bea404fc7ff11d88f40a13c58d5c38af5450a90455abd3634d83442383e0dbb21aa867f44b3ae4a75bd708d87cca63b5a0938f9d73b454f6bab824d6f6620d92
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1972 wrote to memory of 1128 | 1972 | rundll32.exe | rundll32.exe
PID 1972 wrote to memory of 1128 | 1972 | rundll32.exe | rundll32.exe
PID 1972 wrote to memory of 1128 | 1972 | rundll32.exe | rundll32.exe
PID 1972 wrote to memory of 1128 | 1972 | rundll32.exe | rundll32.exe
PID 1972 wrote to memory of 1128 | 1972 | rundll32.exe | rundll32.exe
PID 1972 wrote to memory of 1128 | 1972 | rundll32.exe | rundll32.exe
PID 1972 wrote to memory of 1128 | 1972 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61bf91f08bce264cb513a8b99c050064bd2f6fbdd8e18f1a8d66ae94bdacfd04.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61bf91f08bce264cb513a8b99c050064bd2f6fbdd8e18f1a8d66ae94bdacfd04.dll,#12