Analysis
-
max time kernel
117s -
max time network
141s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
01-02-2022 12:40
Static task
static1
Behavioral task
behavioral1
Sample
e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a.dll
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
General
-
Target
e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a.dll
-
Size
22KB
-
MD5
a469d5403003584e71c5e5bdbfc5d4e4
-
SHA1
adf569be634c8bd03cc1948042499545a1bd1996
-
SHA256
e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a
-
SHA512
fabdb31756703f80cf168ee43f47e1538b43e02e4f9ac648c852aa7da3b87add8aaad1a08865ff2d8f2f1e48d4122fe7faf67453924885badad63df8c2f4c15a
Malware Config
Signatures
-
Nloader Payload 2 IoCs
resource yara_rule behavioral1/memory/1368-56-0x0000000010000000-0x0000000010007000-memory.dmp nloader behavioral1/memory/1368-59-0x0000000000180000-0x0000000000185000-memory.dmp nloader -
Blocklisted process makes network request 1 IoCs
flow pid Process 2 1368 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1624 wrote to memory of 1368 1624 rundll32.exe 27 PID 1624 wrote to memory of 1368 1624 rundll32.exe 27 PID 1624 wrote to memory of 1368 1624 rundll32.exe 27 PID 1624 wrote to memory of 1368 1624 rundll32.exe 27 PID 1624 wrote to memory of 1368 1624 rundll32.exe 27 PID 1624 wrote to memory of 1368 1624 rundll32.exe 27 PID 1624 wrote to memory of 1368 1624 rundll32.exe 27
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1624 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e29f14ed1dc3b16a16114912695d69e7a952ca0c51374c59618bfedeac56b43a.dll,#12⤵
- Blocklisted process makes network request
PID:1368
-