Analysis
max time kernel: 47s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 21-10-2022 16:09
Static task: static1
Behavioral task: behavioral1
Sample: 60e39b3c287bcdc58b86b6a1d680aa7873ca83cc4ee3b86dd60c2cb96c532530.dll
Resource: win7-20220901-en
2 signatures
150 seconds
General
Target: 60e39b3c287bcdc58b86b6a1d680aa7873ca83cc4ee3b86dd60c2cb96c532530.dll
Size: 964KB
MD5: 454f94ab8db7fc0e4e720ae38fc23020
SHA1: fbdc0677fdf110657e7ca516f76cb40f1710294d
SHA256: 60e39b3c287bcdc58b86b6a1d680aa7873ca83cc4ee3b86dd60c2cb96c532530
SHA512: a50c300cc06ae7ffaf7bee02999c44b92bd2d0c4f81f224b27af11ed3c1d9351e2ab18b38c7482fde17cd0fdc1a1e320f41523a7cc1c986f5ea22c9b6735f3b4
SSDEEP: 3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDV:o6C5AXbMn7UI1FoV2gwTBlrIckPH
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | rundll32.exe
PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | rundll32.exe
PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | rundll32.exe
PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | rundll32.exe
PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | rundll32.exe
PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | rundll32.exe
PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID: 1768)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\60e39b3c287bcdc58b86b6a1d680aa7873ca83cc4ee3b86dd60c2cb96c532530.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID: 1112)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\60e39b3c287bcdc58b86b6a1d680aa7873ca83cc4ee3b86dd60c2cb96c532530.dll,#1