Analysis
max time kernel: 47s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2022 21:20
Static task: static1
Behavioral task: behavioral1
Sample: c6fba941aee3b86f2582c1c0b8f8c53ee182a9fb95373251e134799121775f7f.dll
Resource: win7-20220901-en
2 signatures
150 seconds
General
Target: c6fba941aee3b86f2582c1c0b8f8c53ee182a9fb95373251e134799121775f7f.dll
Size: 622KB
MD5: 8135ccbeac431f189926378a99ebb7f0
SHA1: a352646efc689de8b384b488f15c3beed753a517
SHA256: c6fba941aee3b86f2582c1c0b8f8c53ee182a9fb95373251e134799121775f7f
SHA512: 4bc953eba564e15420800a819db1783ab951abbe88ab85617488d6912ce943cc0a1cb9a8f71047ccb16c778a3ab7cf658237d53b3ae2f6172a7a6bfc52f994ca
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0U:jDgtfRQUHPw06MoV2nwTBlhm8M
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 860 wrote to memory of 1252 | 860 | rundll32.exe | rundll32.exe
PID 860 wrote to memory of 1252 | 860 | rundll32.exe | rundll32.exe
PID 860 wrote to memory of 1252 | 860 | rundll32.exe | rundll32.exe
PID 860 wrote to memory of 1252 | 860 | rundll32.exe | rundll32.exe
PID 860 wrote to memory of 1252 | 860 | rundll32.exe | rundll32.exe
PID 860 wrote to memory of 1252 | 860 | rundll32.exe | rundll32.exe
PID 860 wrote to memory of 1252 | 860 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6fba941aee3b86f2582c1c0b8f8c53ee182a9fb95373251e134799121775f7f.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:860
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6fba941aee3b86f2582c1c0b8f8c53ee182a9fb95373251e134799121775f7f.dll,#12⤵
PID:1252