Analysis
max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-en-20211104
submitted: 13-11-2021 17:35
Static task: static1

Behavioral task: behavioral1
Sample: 2ac3570a2aa79bd927834c3e2e432bb5e424aa4ef3a58186eaba7e0a68d14104.dll
Resource: win7-en-20211104
Platform: windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 2ac3570a2aa79bd927834c3e2e432bb5e424aa4ef3a58186eaba7e0a68d14104.dll
Resource: win10-en-20211014
Platform: windows10_x64
0 signatures
0 seconds
General
Target: 2ac3570a2aa79bd927834c3e2e432bb5e424aa4ef3a58186eaba7e0a68d14104.dll
Size: 119KB
MD5: 3ecc9ca5e744d7ddafa04834c70b95c3
SHA1: ea4e9be41fa3f6895423e791596011f88ba45cde
SHA256: 2ac3570a2aa79bd927834c3e2e432bb5e424aa4ef3a58186eaba7e0a68d14104
SHA512: 270fd8bba59528f6f036e91fcd2e7c6d0fc2e8318851cdba656594c9bc62c356e4d0a20953e10cc9c8c0d980e34b552009af6b404b1432faee6d519d56f8f254
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1736 wrote to memory of 1060 | 1736 | rundll32.exe | 28
PID 1736 wrote to memory of 1060 | 1736 | rundll32.exe | 28
PID 1736 wrote to memory of 1060 | 1736 | rundll32.exe | 28
PID 1736 wrote to memory of 1060 | 1736 | rundll32.exe | 28
PID 1736 wrote to memory of 1060 | 1736 | rundll32.exe | 28
PID 1736 wrote to memory of 1060 | 1736 | rundll32.exe | 28
PID 1736 wrote to memory of 1060 | 1736 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ac3570a2aa79bd927834c3e2e432bb5e424aa4ef3a58186eaba7e0a68d14104.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID: 1736
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ac3570a2aa79bd927834c3e2e432bb5e424aa4ef3a58186eaba7e0a68d14104.dll,#12⤵
  PID: 1060