Analysis
max time kernel
157s
max time network
180s
platform
windows10_x64
resource
win10-en-20211014
submitted
13-11-2021 17:35
Static task
static1
Behavioral task
behavioral1
Sample
2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9.dll
Resource
win7-en-20211104
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9.dll
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
Target
2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9.dll
Size
64KB
MD5
f9e519f958184c4e2150c7828bb1efea
SHA1
cc64a670ded14c941ae690f59c47fa2abe3858c1
SHA256
2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9
SHA512
eb3d690a61f90908605780042acaf21d32c0a37973a0c74da5ad27b64fa99f9905a95e7b2cc33d1e553739d3d30e684d7f246201b335947ff65351d3ff4f4ec4
Score
8/10
Malware Config
Signatures
Blocklisted process makes network request 5 IoCs
flow  pid   Process
19    4312  rundll32.exe
33    4312  rundll32.exe
36    4312  rundll32.exe
37    4312  rundll32.exe
39    4312  rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs
description                       pid   Process       procid_target
PID 4272 wrote to memory of 4312  4272  rundll32.exe  68
PID 4272 wrote to memory of 4312  4272  rundll32.exe  68
PID 4272 wrote to memory of 4312  4272  rundll32.exe  68
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:4272
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9.dll,#12⤵
  - Blocklisted process makes network request
  PID:4312