Analysis
max time kernel
151s
max time network
128s
platform
windows10_x64
resource
win10v20210408
submitted
20-09-2021 11:39
Static task
static1
Behavioral task
behavioral1
Sample
test.test.dll
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
test.test.dll
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
Target
test.test.dll
Size
249KB
MD5
69c9b5e0c3e6346f468ed148fc318529
SHA1
4ad69a31a65172cdcaa6e3ea1afad7b4e30b88d9
SHA256
3026fb99476bfb40357573b15fc63c0c63b1e9bd99f8266e91da21b80fe903cf
SHA512
6f1bc5ea61583efe89c372bdbcdccb52b3b8571a0acf5d41f07e7111dd00af0adeab4dd93c1b8384b153354117b8e81fa63045e5bdc63eae4384652c627f379d
Score
8/10
Malware Config
Signatures
Blocklisted process makes network request 6 IoCs
flow    pid    Process
2       740    rundll32.exe
8       740    rundll32.exe
13      740    rundll32.exe
16      740    rundll32.exe
17      740    rundll32.exe
18      740    rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
description                        pid     Process         procid_target
PID 1832 wrote to memory of 740    1832    rundll32.exe    68
PID 1832 wrote to memory of 740    1832    rundll32.exe    68
PID 1832 wrote to memory of 740    1832    rundll32.exe    68
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.test.dll,#1
Suspicious use of WriteProcessMemory
PID:1832
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.test.dll,#1
  Blocklisted process makes network request
  PID:740