Analysis
max time kernel: 47s
max time network: 51s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2022 00:11
Static task: static1
Behavioral task: behavioral1
Sample: ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll
Resource: win7-20220901-en
2 signatures
150 seconds
General
Target: ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll
Size: 316KB
MD5: 906bfb685a68444886c6986539960040
SHA1: 2c646fd86f23560539ac1f2b76dab165181e1bcb
SHA256: ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421
SHA512: 61785dfc5fb244557f97bf6f60fbf51cf86c5698d8e44f1de4a4840edbf7a0e4222a8de81062cbe4ba7134f4b5484dd67934198c99ce8930c122790469c06852
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0/:jDgtfRQUHPw06MoV2nwTBlhm83
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
PID 1724 wrote to memory of 1128 | 1724 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 1724
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ead6409badf8d0f2109e32028a19dc5a8d80a08d4853e2641ea14b75b26a6421.dll,#12
  PID: 1128