Analysis
- max time kernel: 37s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 20-10-2022 09:35
Static task
static1
Behavioral task
behavioral1
Sample
c446e5da1c2a0938697469489ff2e86118b766e5d54a8f3e3e1c79f83b327238.dll
Resource
win7-20220812-en
2 signatures
150 seconds
General
- Target: c446e5da1c2a0938697469489ff2e86118b766e5d54a8f3e3e1c79f83b327238.dll
- Size: 577KB
- MD5: 4a6e3de862bca88df72de06742a2d490
- SHA1: 83851359894707bb45f6ac1a5ab2d1495fd68e80
- SHA256: c446e5da1c2a0938697469489ff2e86118b766e5d54a8f3e3e1c79f83b327238
- SHA512: b1d4dc80bff3e2dfbf5ae9f597a141a32fe7c6ad773661b89dd937d84afdb6ff917f332aa4dded15670130f8ae8000b5dac9a6ed1b31db1aa6732df903bcabb4
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0U:jDgtfRQUHPw06MoV2nwTBlhm88
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 904 wrote to memory of 1736 | 904 | rundll32.exe | rundll32.exe
  PID 904 wrote to memory of 1736 | 904 | rundll32.exe | rundll32.exe
  PID 904 wrote to memory of 1736 | 904 | rundll32.exe | rundll32.exe
  PID 904 wrote to memory of 1736 | 904 | rundll32.exe | rundll32.exe
  PID 904 wrote to memory of 1736 | 904 | rundll32.exe | rundll32.exe
  PID 904 wrote to memory of 1736 | 904 | rundll32.exe | rundll32.exe
  PID 904 wrote to memory of 1736 | 904 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c446e5da1c2a0938697469489ff2e86118b766e5d54a8f3e3e1c79f83b327238.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c446e5da1c2a0938697469489ff2e86118b766e5d54a8f3e3e1c79f83b327238.dll,#12⤵
  PID:1736