Analysis
- max time kernel: 44s
- max time network: 50s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
- submitted: 20-10-2022 20:14
Static task
static1
Behavioral task
behavioral1
Sample
59a997d216f8d26eb699c6cea15567e51953cf5994f45a4076f2bc3cf8981224.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
59a997d216f8d26eb699c6cea15567e51953cf5994f45a4076f2bc3cf8981224.dll
Resource
win10v2004-20220812-en
General
- Target: 59a997d216f8d26eb699c6cea15567e51953cf5994f45a4076f2bc3cf8981224.dll
- Size: 19KB
- MD5: 43f7419bf7dc1535cf042329cf7139c0
- SHA1: a0a91fbfef1df955fa5ae2004ceb228ea2afccfa
- SHA256: 59a997d216f8d26eb699c6cea15567e51953cf5994f45a4076f2bc3cf8981224
- SHA512: dd4ffd9d5316f1815a3bdd42aa6debe116fd530eadcb9724b7187ceb3134165d470ba78d4fda133bed6cb4c5b1dad0f7bf33aa7a2974ba7bc140a53a1f423a0e
- SSDEEP: 384:sEIvAHgfEhDsrQ800i80zY4+j7JdZgU0FaXE8:BIIHhhDsGn80zpW7JdZgtFaXE
Malware Config
Signatures
- Blocklisted process makes network request (2 IoCs)
  flow  pid  Process
  2     820  rundll32.exe
  3     820  rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                      pid   Process       procid_target
  PID 1284 wrote to memory of 820  1284  rundll32.exe  27
  PID 1284 wrote to memory of 820  1284  rundll32.exe  27
  PID 1284 wrote to memory of 820  1284  rundll32.exe  27
  PID 1284 wrote to memory of 820  1284  rundll32.exe  27
  PID 1284 wrote to memory of 820  1284  rundll32.exe  27
  PID 1284 wrote to memory of 820  1284  rundll32.exe  27
  PID 1284 wrote to memory of 820  1284  rundll32.exe  27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59a997d216f8d26eb699c6cea15567e51953cf5994f45a4076f2bc3cf8981224.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:1284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59a997d216f8d26eb699c6cea15567e51953cf5994f45a4076f2bc3cf8981224.dll,#12
  - Blocklisted process makes network request
  PID:820