Analysis
max time kernel: 5s
max time network: 114s
platform: windows7_x64
resource: win7v20210408
submitted: 15-06-2021 11:19
Static task: static1

Behavioral task: behavioral1
Sample: 8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0.bin.sample.dll
Resource: win7v20210408, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0.bin.sample.dll
Resource: win10v20210410, windows10_x64
0 signatures
0 seconds
General
Target: 8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0.bin.sample.dll
Size: 119KB
MD5: 741a67164cae752512afe51a9e3a8acd
SHA1: f47e11135534cc7c1af923f3f351471278ed60aa
SHA256: 8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0
SHA512: 175142b22d473cdd7b2a41e0284b7140e299985e7ac27cd2dbf8c312f0cd6b52de2be96939bb3d4eb0b7a5e3af6577b5f76242f7d13ca91d8bbaf47b5faaec1c
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1824 wrote to memory of 2040 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 2040 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 2040 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 2040 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 2040 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 2040 | 1824 | rundll32.exe | rundll32.exe
PID 1824 wrote to memory of 2040 | 1824 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0.bin.sample.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 1824
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8913d9474fb91ba5f1d76740b08828b93f55022c5cc9d908ec3fc1abd0da98e0.bin.sample.dll,#12
  PID: 2040