Analysis
max time kernel: 42s
max time network: 48s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 11-10-2022 21:25
Static task: static1
Behavioral task: behavioral1
Sample: 628c384fb5fdd61f3496cd1ebc0ceb1be5ac574066d68def70610e435ee9e49a.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 628c384fb5fdd61f3496cd1ebc0ceb1be5ac574066d68def70610e435ee9e49a.dll
Resource: win10v2004-20220812-en
General
Target: 628c384fb5fdd61f3496cd1ebc0ceb1be5ac574066d68def70610e435ee9e49a.dll
Size: 61KB
MD5: 7a57f3ec95d9ef0ab615204021f996a8
SHA1: 0b55332a4821c3327ad40859e5648b2af8c9cb15
SHA256: 628c384fb5fdd61f3496cd1ebc0ceb1be5ac574066d68def70610e435ee9e49a
SHA512: 0fd65f3fbee3ccd47bac80fc65e571eab1844ebbf4975103c6e992ee1964789d14923cf846e2e1465613161cb1fce61a0bcbc06f1204d6d7862faf4b055ca7da
SSDEEP: 1536:OPefh5SrZxCS52aeFKl7bMOz5hnIwzYVmcsdR:OPefh0rDCSk6lH3IYYVmcsdR
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 832 wrote to memory of 1692 | 832 | rundll32.exe | 28
PID 832 wrote to memory of 1692 | 832 | rundll32.exe | 28
PID 832 wrote to memory of 1692 | 832 | rundll32.exe | 28
PID 832 wrote to memory of 1692 | 832 | rundll32.exe | 28
PID 832 wrote to memory of 1692 | 832 | rundll32.exe | 28
PID 832 wrote to memory of 1692 | 832 | rundll32.exe | 28
PID 832 wrote to memory of 1692 | 832 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\628c384fb5fdd61f3496cd1ebc0ceb1be5ac574066d68def70610e435ee9e49a.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 832
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\628c384fb5fdd61f3496cd1ebc0ceb1be5ac574066d68def70610e435ee9e49a.dll,#1
    PID: 1692