Analysis
- max time kernel: 45s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 21-10-2022 16:09
- Static task: static1
- Behavioral task: behavioral1
- Sample: ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1.dll
- Resource: win7-20220901-en
- 2 signatures
- 150 seconds
General
- Target: ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1.dll
- Size: 708KB
- MD5: 59f40dd7935ff265f7c79a4f1366d8d0
- SHA1: 3c7bd34d1bb6bd9403b26034568be9209eb8107c
- SHA256: ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1
- SHA512: 86e1d647f70cc689e12c86cd7f87ede0dcfd2a91dfeb4c004e4c1991a34e0a9ef00c3ed1e823a697257e2c973049930cb2eee197ac665e3bffbd715a563eb4e0
- SSDEEP: 6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYb:o6RI1Fo/wT3cJYYYYYYYYYYYYb
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                      | pid  | process      | target process
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
PID 2032 wrote to memory of 2016 | 2032 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2032
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ee33b4aa8c28f0aef965abc53f15624dc387601d87054180fb205b792a3cb8b1.dll,#1
    PID: 2016