Analysis
max time kernel: 36s
max time network: 42s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 21-10-2022 08:46
Static task: static1
Behavioral task: behavioral1
Sample: 1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: 1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29.dll
Size: 245KB
MD5: 54b6f5942a902091afdd8d5173d2eef0
SHA1: 8ef4d39065fae20c16ba8039829f301691221a59
SHA256: 1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29
SHA512: d447ea7cdf5750515ff7e3fdf5f64bde5593d83511dffb1acc1fbed46640accb75ba8a8d8f9030627ea867b0ec97a3ad638f216372cfeb7bfc56752dbc31c000
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0q:jDgtfRQUHPw06MoV2nwTBlhm8S
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description                      pid  process       target process
PID 900 wrote to memory of 1488  900  rundll32.exe  rundll32.exe
PID 900 wrote to memory of 1488  900  rundll32.exe  rundll32.exe
PID 900 wrote to memory of 1488  900  rundll32.exe  rundll32.exe
PID 900 wrote to memory of 1488  900  rundll32.exe  rundll32.exe
PID 900 wrote to memory of 1488  900  rundll32.exe  rundll32.exe
PID 900 wrote to memory of 1488  900  rundll32.exe  rundll32.exe
PID 900 wrote to memory of 1488  900  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29.dll,#11
- Suspicious use of WriteProcessMemory
PID: 900
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b57418efd1b2646fe205b6d0050c975bca507b29e043dbd562e122964102c29.dll,#12
PID: 1488