Analysis
-
max time kernel
240s -
max time network
264s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
06-08-2021 11:02
Static task
static1
Behavioral task
behavioral1
Sample
2ca64feaaf5ab6cf96677fbc2bc0e1995b3bc93472d7af884139aa757240e3f6.dll
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
2ca64feaaf5ab6cf96677fbc2bc0e1995b3bc93472d7af884139aa757240e3f6.dll
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
-
Target
2ca64feaaf5ab6cf96677fbc2bc0e1995b3bc93472d7af884139aa757240e3f6.dll
-
Size
164KB
-
MD5
6e3efb83299d800edf1624ecbc0665e7
-
SHA1
0bd22f204c5373f1a22d9a02c59f69f354a2cc0d
-
SHA256
2ca64feaaf5ab6cf96677fbc2bc0e1995b3bc93472d7af884139aa757240e3f6
-
SHA512
dd1675bb15eb8ea2933b25413271117823ad7ff38280e7f552b5201e3a5bef8607a2112df2e24f598449ebfdb570ff9458aba0314ed8819dd4d774ea855e9ad2
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 1700 wrote to memory of 1080 1700 rundll32.exe rundll32.exe PID 1700 wrote to memory of 1080 1700 rundll32.exe rundll32.exe PID 1700 wrote to memory of 1080 1700 rundll32.exe rundll32.exe PID 1700 wrote to memory of 1080 1700 rundll32.exe rundll32.exe PID 1700 wrote to memory of 1080 1700 rundll32.exe rundll32.exe PID 1700 wrote to memory of 1080 1700 rundll32.exe rundll32.exe PID 1700 wrote to memory of 1080 1700 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2ca64feaaf5ab6cf96677fbc2bc0e1995b3bc93472d7af884139aa757240e3f6.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1700 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2ca64feaaf5ab6cf96677fbc2bc0e1995b3bc93472d7af884139aa757240e3f6.dll,#12⤵PID:1080