Analysis
- max time kernel: 25s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 19-10-2022 21:35
Static task: static1
Behavioral task: behavioral1
- Sample: d62ed7317266263d42c89f23be74575a0ba0f04a30cee8f3867fd0f80076a3b6.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: d62ed7317266263d42c89f23be74575a0ba0f04a30cee8f3867fd0f80076a3b6.dll
- Resource: win10v2004-20220812-en
General
- Target: d62ed7317266263d42c89f23be74575a0ba0f04a30cee8f3867fd0f80076a3b6.dll
- Size: 118KB
- MD5: 91b3cb5237f23766a43a3ead08170e7b
- SHA1: a2e2553dce1824bc17fbb3a7a57ed384a9832b79
- SHA256: d62ed7317266263d42c89f23be74575a0ba0f04a30cee8f3867fd0f80076a3b6
- SHA512: b7a9b827a23f73c15eb5dce34ff5547a5497c6591bccfb6085e8e13c4dc272b76e06834fbc5c7c58c4e36739fa59c5fcd0723ddc558ca4d60341496bbc43283b
- SSDEEP: 3072:g4JUnuz5X32mJ+KGEp+CPPAixb8Vd/pcbV+RHFuL:TWnYn2Up+6NyPi+RHUL
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                       pid    Process        procid_target
  PID 1448 wrote to memory of 900   1448   rundll32.exe   28
  PID 1448 wrote to memory of 900   1448   rundll32.exe   28
  PID 1448 wrote to memory of 900   1448   rundll32.exe   28
  PID 1448 wrote to memory of 900   1448   rundll32.exe   28
  PID 1448 wrote to memory of 900   1448   rundll32.exe   28
  PID 1448 wrote to memory of 900   1448   rundll32.exe   28
  PID 1448 wrote to memory of 900   1448   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d62ed7317266263d42c89f23be74575a0ba0f04a30cee8f3867fd0f80076a3b6.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d62ed7317266263d42c89f23be74575a0ba0f04a30cee8f3867fd0f80076a3b6.dll,#12⤵
  PID:900