Analysis
-
max time kernel
29s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
19-10-2022 14:16
Static task
static1
Behavioral task
behavioral1
Sample
5e00a457a8c99109bacbe7d86f087745c093af335a20f904370b60f91f879127.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5e00a457a8c99109bacbe7d86f087745c093af335a20f904370b60f91f879127.dll
Resource
win10v2004-20220901-en
General
-
Target
5e00a457a8c99109bacbe7d86f087745c093af335a20f904370b60f91f879127.dll
-
Size
687KB
-
MD5
81ad035b297ce5596d64d9e70c3e2c30
-
SHA1
6368bb497992fcc718b354cb7f6a70ccbb4af5e4
-
SHA256
5e00a457a8c99109bacbe7d86f087745c093af335a20f904370b60f91f879127
-
SHA512
14cf834093b4b89fda00c29741948b16b3c34213c3c12cb77dc01095b9880f89c55e78778a7d39b9186bb70ef09d520f4d0fec401f58206a51f0c0ffe47d7488
-
SSDEEP
3072:/kn3lAdL6IaHKP4qrEwT+0RNNLgFF5YhorODOd1XZmf8kFyw://dL73A+Tt8EorODOd1XZypyw
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1008 wrote to memory of 1368 | 1008 | rundll32.exe | 28
PID 1008 wrote to memory of 1368 | 1008 | rundll32.exe | 28
PID 1008 wrote to memory of 1368 | 1008 | rundll32.exe | 28
PID 1008 wrote to memory of 1368 | 1008 | rundll32.exe | 28
PID 1008 wrote to memory of 1368 | 1008 | rundll32.exe | 28
PID 1008 wrote to memory of 1368 | 1008 | rundll32.exe | 28
PID 1008 wrote to memory of 1368 | 1008 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e00a457a8c99109bacbe7d86f087745c093af335a20f904370b60f91f879127.dll,#1
- Suspicious use of WriteProcessMemory
PID:1008 -
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e00a457a8c99109bacbe7d86f087745c093af335a20f904370b60f91f879127.dll,#1
  PID:1368
-