Analysis
max time kernel: 40s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2022 09:35
Static task: static1
Behavioral task: behavioral1
Sample: 0f4883add5ad4dd248834b1c9d9554f6fcfd1c88c3ad987e009b77fa77ba28d5.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: 0f4883add5ad4dd248834b1c9d9554f6fcfd1c88c3ad987e009b77fa77ba28d5.dll
Size: 203KB
MD5: 47d036e5593a7c3776e057ef4ebedddb
SHA1: c9432273eedc8f9a15a9d03215aa4a37ce1b80ad
SHA256: 0f4883add5ad4dd248834b1c9d9554f6fcfd1c88c3ad987e009b77fa77ba28d5
SHA512: be60f5bfc5d26bd125f720efad7fc3a61e95018532015e7c2d37ee5b63e8d6dfdc4b1cd5a4f9ebfc9016b097e4b553d3119a6656d5934046d2e4d6e4851851ef
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0E:jDgtfRQUHPw06MoV2nwTBlhm88
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 328 wrote to memory of 852 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 852 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 852 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 852 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 852 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 852 | 328 | rundll32.exe | rundll32.exe
PID 328 wrote to memory of 852 | 328 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f4883add5ad4dd248834b1c9d9554f6fcfd1c88c3ad987e009b77fa77ba28d5.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:328
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f4883add5ad4dd248834b1c9d9554f6fcfd1c88c3ad987e009b77fa77ba28d5.dll,#12⤵
  PID:852