Analysis
max time kernel: 35s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2022 00:12

Static task: static1
Behavioral task: behavioral1
Sample: 207a5de0ac3203b1128c5bf2603d64cc0136408747d7d8adf8d6ae53cb37836f.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: 207a5de0ac3203b1128c5bf2603d64cc0136408747d7d8adf8d6ae53cb37836f.dll
Size: 617KB
MD5: 81c7e540ee4c1290fc3b0e86b1097120
SHA1: 2a8a26bb9cf57cf1535b3e9ad609679ede826117
SHA256: 207a5de0ac3203b1128c5bf2603d64cc0136408747d7d8adf8d6ae53cb37836f
SHA512: e2dee1c5640aa80558b5fdb821e807e9e48ec0085a1536aca279342d1e295b73ae2dbfe33283bb7cce6a9275c686ed49c50462c601b6721ef6a6db1c2a502fbe
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0z:jDgtfRQUHPw06MoV2nwTBlhm8b
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                        pid   process       target process
PID 1492 wrote to memory of 1376   1492  rundll32.exe  rundll32.exe
PID 1492 wrote to memory of 1376   1492  rundll32.exe  rundll32.exe
PID 1492 wrote to memory of 1376   1492  rundll32.exe  rundll32.exe
PID 1492 wrote to memory of 1376   1492  rundll32.exe  rundll32.exe
PID 1492 wrote to memory of 1376   1492  rundll32.exe  rundll32.exe
PID 1492 wrote to memory of 1376   1492  rundll32.exe  rundll32.exe
PID 1492 wrote to memory of 1376   1492  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\207a5de0ac3203b1128c5bf2603d64cc0136408747d7d8adf8d6ae53cb37836f.dll,#1
  PID: 1492
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\207a5de0ac3203b1128c5bf2603d64cc0136408747d7d8adf8d6ae53cb37836f.dll,#1
    PID: 1376