Analysis
max time kernel: 0s
max time network: 39s
platform: windows7_x64
resource: win7v20210408
submitted: 18-05-2021 08:08
Static task: static1
Behavioral task: behavioral1
Sample: 668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4.dll
Resource: win7v20210408
windows7_x64
0 signatures
0 seconds
General
Target: 668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4.dll
Size: 667KB
MD5: 63cb5fd5731c8c93387c439616dc55c7
SHA1: ef4f186e6015c43ce944ccdbeabaff2dded9d4fd
SHA256: 668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4
SHA512: b2db13745f93d28dd9144a82f24a9bf48b3450a45ade7541bee4688fe30dbfd8b94329c2521dcb4d61dbe79d126a55522193918432b0ca83dc56649f087322e0
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 520 wrote to memory of 1484 | 520 | rundll32.exe | rundll32.exe
PID 520 wrote to memory of 1484 | 520 | rundll32.exe | rundll32.exe
PID 520 wrote to memory of 1484 | 520 | rundll32.exe | rundll32.exe
PID 520 wrote to memory of 1484 | 520 | rundll32.exe | rundll32.exe
PID 520 wrote to memory of 1484 | 520 | rundll32.exe | rundll32.exe
PID 520 wrote to memory of 1484 | 520 | rundll32.exe | rundll32.exe
PID 520 wrote to memory of 1484 | 520 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\668cd5d5dd94fdaa745891f0883d2858a692cf2ee00f7ce72f751734e30f84a4.dll,#12