Analysis
max time kernel: 38s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 18/09/2022, 23:27
Static task: static1
Behavioral task: behavioral1
Sample: da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll
Resource: win10v2004-20220901-en
General
Target: da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll
Size: 33KB
MD5: 314203fb453e226eb53863d847b9a0f5
SHA1: 297ab1843ae4499b3dab4d56eabfcd7c0371a3c6
SHA256: da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460
SHA512: 48e63d58700b00a1c3463000c9d460635ab400264cb5ece7153d9a1dec7ead3facf4c792a7da9de086a721253b9d7470e7a165122d0f8bf5a7161013b0ca8f63
SSDEEP: 768:SWPYvZLnZ0icDVov3Yq7pW/PB7cOkRERz8ckt:jPYvZLnUVOb7pW/GLERz8cS
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2020 wrote to memory of 1472 | 2020 | rundll32.exe | 26
PID 2020 wrote to memory of 1472 | 2020 | rundll32.exe | 26
PID 2020 wrote to memory of 1472 | 2020 | rundll32.exe | 26
PID 2020 wrote to memory of 1472 | 2020 | rundll32.exe | 26
PID 2020 wrote to memory of 1472 | 2020 | rundll32.exe | 26
PID 2020 wrote to memory of 1472 | 2020 | rundll32.exe | 26
PID 2020 wrote to memory of 1472 | 2020 | rundll32.exe | 26
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2020
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll,#1
    PID: 1472