Analysis
- max time kernel: 40s
- max time network: 44s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 20-10-2022 21:20
Static task: static1
Behavioral task: behavioral1
Sample: 82bdac6e02abb36ffc886ad3f68250806b83fb50b3f9de03408e28b8f94d498a.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
- Target: 82bdac6e02abb36ffc886ad3f68250806b83fb50b3f9de03408e28b8f94d498a.dll
- Size: 832KB
- MD5: 4016ab60cce0601d0a2f54c067a1afe0
- SHA1: 98c553eb636064a4e971507a06cc7dd15fd0c9ef
- SHA256: 82bdac6e02abb36ffc886ad3f68250806b83fb50b3f9de03408e28b8f94d498a
- SHA512: 5cd1112408522283d0e6c55537ecad044f160ee502086c576c216c487df74920394d95976261c09d13548a98990437ba20bba993f15d21fb67d548064ce74295
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q04:jDgtfRQUHPw06MoV2nwTBlhm8w
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  description                       pid   process       target process
  PID 2036 wrote to memory of 544   2036  rundll32.exe  rundll32.exe
  PID 2036 wrote to memory of 544   2036  rundll32.exe  rundll32.exe
  PID 2036 wrote to memory of 544   2036  rundll32.exe  rundll32.exe
  PID 2036 wrote to memory of 544   2036  rundll32.exe  rundll32.exe
  PID 2036 wrote to memory of 544   2036  rundll32.exe  rundll32.exe
  PID 2036 wrote to memory of 544   2036  rundll32.exe  rundll32.exe
  PID 2036 wrote to memory of 544   2036  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\82bdac6e02abb36ffc886ad3f68250806b83fb50b3f9de03408e28b8f94d498a.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\82bdac6e02abb36ffc886ad3f68250806b83fb50b3f9de03408e28b8f94d498a.dll,#12
  PID: 544