Analysis
- max time kernel: 5s
- max time network: 54s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 04-06-2021 11:27
Static task: static1

Behavioral task: behavioral1
- Sample: 38beb0ea97e3c5758b4839b8874d552a6ddce7bcde77986c62bf49041e229bc6.bin.sample.dll
- Resource: win7v20210408
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 38beb0ea97e3c5758b4839b8874d552a6ddce7bcde77986c62bf49041e229bc6.bin.sample.dll
- Resource: win10v20210410
- Platform: windows10_x64
- 0 signatures
- 0 seconds
General
- Target: 38beb0ea97e3c5758b4839b8874d552a6ddce7bcde77986c62bf49041e229bc6.bin.sample.dll
- Size: 164KB
- MD5: 2756f86ef462729bd072ef2d05f00f54
- SHA1: b074e97c19bc69d39c235c763675b492e2e216f1
- SHA256: 38beb0ea97e3c5758b4839b8874d552a6ddce7bcde77986c62bf49041e229bc6
- SHA512: 9c6a618870ebb1a50bd647f26327d4ab25905c8d438e1f71be87f343e91d58c0e4683afeefc7f725b091cb1a47b5e7fa30d99402fb4296a88e8a5b138ef62d14

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

Processes: rundll32.exe

description                        pid    process        target process
PID 1696 wrote to memory of 1916   1696   rundll32.exe   rundll32.exe
PID 1696 wrote to memory of 1916   1696   rundll32.exe   rundll32.exe
PID 1696 wrote to memory of 1916   1696   rundll32.exe   rundll32.exe
PID 1696 wrote to memory of 1916   1696   rundll32.exe   rundll32.exe
PID 1696 wrote to memory of 1916   1696   rundll32.exe   rundll32.exe
PID 1696 wrote to memory of 1916   1696   rundll32.exe   rundll32.exe
PID 1696 wrote to memory of 1916   1696   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38beb0ea97e3c5758b4839b8874d552a6ddce7bcde77986c62bf49041e229bc6.bin.sample.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1696
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\38beb0ea97e3c5758b4839b8874d552a6ddce7bcde77986c62bf49041e229bc6.bin.sample.dll,#1
    PID: 1916