Analysis
- max time kernel: 11s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 12-10-2022 22:27
Static task
static1
Behavioral task
behavioral1
Sample
e23f5f7cb12b08bcb0102fc9254a0574f9974ae65c521b18d926a9e8bdc03dff.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
- Target: e23f5f7cb12b08bcb0102fc9254a0574f9974ae65c521b18d926a9e8bdc03dff.dll
- Size: 418KB
- MD5: 60c5c2ebff1f8f88159e851b4285f740
- SHA1: 32bca0a7f0bbb7b1726fa3f09ff5a8b4ac874981
- SHA256: e23f5f7cb12b08bcb0102fc9254a0574f9974ae65c521b18d926a9e8bdc03dff
- SHA512: e45369f5191f2a2bf23c7010b4640fc59a223bb6e8c196eb9c86a727e74a89b9325e9d4cec334c0c0bf152efbdaa77da8e5d76899e2a756f53cbaae87c1fc4d2
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0W:jDgtfRQUHPw06MoV2nwTBlhm8e
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1932 wrote to memory of 1104 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1104 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1104 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1104 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1104 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1104 | 1932 | rundll32.exe | rundll32.exe
PID 1932 wrote to memory of 1104 | 1932 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e23f5f7cb12b08bcb0102fc9254a0574f9974ae65c521b18d926a9e8bdc03dff.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e23f5f7cb12b08bcb0102fc9254a0574f9974ae65c521b18d926a9e8bdc03dff.dll,#12