Analysis
-
max time kernel
22s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
14/10/2022, 10:36
Static task
static1
Behavioral task
behavioral1
Sample
4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854.dll
Resource
win10v2004-20220812-en
General
-
Target
4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854.dll
-
Size
5KB
-
MD5
63598debdc4926441dc0ea6041bb64c7
-
SHA1
1b637d9b3aa09f59f44958550f5aa1b456a43e26
-
SHA256
4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854
-
SHA512
48bd47b58061d44620f0d686b38583e01dd5dd85029968ba4e01afd57a6c06aa608762f48cbc2c640540ec59a4f57ac79c9538619e29c5e8408fc57e05b6fe34
-
SSDEEP
48:Ss0QejYDx6/gB5B65/ic/2hmm3YGebeTKurfUsMbiFpi86p5P4ZK3hfXfSB:z0QR9B6BvAwbi6xP
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description                        pid    Process        procid_target
PID 1960 wrote to memory of 1948   1960   rundll32.exe   28
PID 1960 wrote to memory of 1948   1960   rundll32.exe   28
PID 1960 wrote to memory of 1948   1960   rundll32.exe   28
PID 1960 wrote to memory of 1948   1960   rundll32.exe   28
PID 1960 wrote to memory of 1948   1960   rundll32.exe   28
PID 1960 wrote to memory of 1948   1960   rundll32.exe   28
PID 1960 wrote to memory of 1948   1960   rundll32.exe   28
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1960 -
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d1683e9edf16fa5fe164eb69e3181c9ca61604558accda39ed910dc8ea61854.dll,#12⤵
PID:1948
-