Analysis
- max time kernel: 118s
- max time network: 138s
- platform: windows7_x64
- resource: win7-en-20210920
- submitted: 20-10-2021 14:06
Behavioral task: behavioral1
- Sample: 0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78.bin.sample.dll
- Resource: win7-en-20210920, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78.bin.sample.dll
- Resource: win10-en-20211014, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: 0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78.bin.sample.dll
- Size: 8.4MB
- MD5: 2046a3fdc751f79334628ba49e5c5eb6
- SHA1: 864a55bddcab6cdf14aeb69419250ca8c90bc453
- SHA256: 0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78
- SHA512: d560acb71b05047a7ab1b03050d508f7d867e53a1d409bb2cd9c6dd05315c846ed3a31c9ee47cc10a0bb26454466033f2c9b5908b8073a66e4945a7d4a9c84b4
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 772 wrote to memory of 788 | 772 | rundll32.exe | rundll32.exe
PID 772 wrote to memory of 788 | 772 | rundll32.exe | rundll32.exe
PID 772 wrote to memory of 788 | 772 | rundll32.exe | rundll32.exe
PID 772 wrote to memory of 788 | 772 | rundll32.exe | rundll32.exe
PID 772 wrote to memory of 788 | 772 | rundll32.exe | rundll32.exe
PID 772 wrote to memory of 788 | 772 | rundll32.exe | rundll32.exe
PID 772 wrote to memory of 788 | 772 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78.bin.sample.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0528d945f86be2aae330340548b4acd3f9c0e48a6a2d998c43cd055714c0df78.bin.sample.dll,#12