Analysis
max time kernel: 44s
max time network: 49s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 12/10/2022, 17:54

Static task: static1

Behavioral task: behavioral1
Sample: 18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282.dll
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282.dll
Resource: win10v2004-20220812-en

General
Target: 18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282.dll
Size: 141KB
MD5: 54c3bda317339b44de91748141e3cb63
SHA1: 32dcebcca25b159912b43c5f91017c975dfd93d0
SHA256: 18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282
SHA512: eeacb5a4003b90567002d4033c41db81af7eefa611054fae1b7d023a11e12e7093346aff7c241f779fe6d2368d3587bbf53d7b2738f0f3bf6a0e202f6e89dd0b
SSDEEP: 3072:6pjssOKcqQ2ddP76yqWMTzK6wgCy9Y8Xb8Y+o/:6psXVjsV+yZMim8Yn

Malware Config

Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description | pid | Process | procid_target
PID 1396 wrote to memory of 952 | 1396 | rundll32.exe | 27
PID 1396 wrote to memory of 952 | 1396 | rundll32.exe | 27
PID 1396 wrote to memory of 952 | 1396 | rundll32.exe | 27
PID 1396 wrote to memory of 952 | 1396 | rundll32.exe | 27
PID 1396 wrote to memory of 952 | 1396 | rundll32.exe | 27
PID 1396 wrote to memory of 952 | 1396 | rundll32.exe | 27
PID 1396 wrote to memory of 952 | 1396 | rundll32.exe | 27

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 1396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18624f7916c37ae3f75dd66e730d024274e3bbe8af2e7bc3823c72b4e3359282.dll,#12
  PID: 952