Analysis
max time kernel: 142s
max time network: 57s
platform: windows7_x64
resource: win7v20210408
submitted: 26-09-2021 13:18
Static task: static1

Behavioral task: behavioral1
Sample: f092b985b75a702c784f0936ce892595b91d025b26f3387a712b76dcc3a4bc81.dll
Resource: win7v20210408, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: f092b985b75a702c784f0936ce892595b91d025b26f3387a712b76dcc3a4bc81.dll
Resource: win10-en-20210920, windows10_x64
0 signatures
0 seconds
General
Target: f092b985b75a702c784f0936ce892595b91d025b26f3387a712b76dcc3a4bc81.dll
Size: 199KB
MD5: 23a6691939ae3e33b3c31ada6eeed7b8
SHA1: deae30bdc505699a61f65d4e629e5b66adf57034
SHA256: f092b985b75a702c784f0936ce892595b91d025b26f3387a712b76dcc3a4bc81
SHA512: 0ac04fcb67530d2ce3ea0f5380bab82682d1c42b988503de0063d4c418834eb694846b38cb95c65218aa8e46372564d55948c745f1b7a5c8c9d03c078bb106bd
Score: 1/10
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: rundll32.exe
pid | process
1932 | rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1392 wrote to memory of 1932 | 1392 | rundll32.exe | rundll32.exe
PID 1392 wrote to memory of 1932 | 1392 | rundll32.exe | rundll32.exe
PID 1392 wrote to memory of 1932 | 1392 | rundll32.exe | rundll32.exe
PID 1392 wrote to memory of 1932 | 1392 | rundll32.exe | rundll32.exe
PID 1392 wrote to memory of 1932 | 1392 | rundll32.exe | rundll32.exe
PID 1392 wrote to memory of 1932 | 1392 | rundll32.exe | rundll32.exe
PID 1392 wrote to memory of 1932 | 1392 | rundll32.exe | rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f092b985b75a702c784f0936ce892595b91d025b26f3387a712b76dcc3a4bc81.dll,#1
- Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f092b985b75a702c784f0936ce892595b91d025b26f3387a712b76dcc3a4bc81.dll,#1
- Suspicious behavior: EnumeratesProcesses