Analysis
max time kernel: 47s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 21-10-2022 16:09
Static task: static1
Behavioral task: behavioral1
Sample: 2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f.dll
Resource: win7-20220901-en
2 signatures
150 seconds
General
Target: 2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f.dll
Size: 946KB
MD5: 12455e1687e8cff4fa2f540b15d4d163
SHA1: 26897a20fb3a70f8e7f44775be45f64fce68785e
SHA256: 2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f
SHA512: 9f07ce957994f38d96856b632360f1cccab173cc447ac3b3d50c8dc1838622f201290ffd6d1bd83be71f3735c3005930fa1686905ad2fb5b108163e00769f137
SSDEEP: 3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDj:o6C5AXbMn7UI1FoV2gwTBlrIckPZ
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                    pid   process       target pid   target process
PID 1380 wrote to memory of 1672   1380  rundll32.exe  1672         rundll32.exe
PID 1380 wrote to memory of 1672   1380  rundll32.exe  1672         rundll32.exe
PID 1380 wrote to memory of 1672   1380  rundll32.exe  1672         rundll32.exe
PID 1380 wrote to memory of 1672   1380  rundll32.exe  1672         rundll32.exe
PID 1380 wrote to memory of 1672   1380  rundll32.exe  1672         rundll32.exe
PID 1380 wrote to memory of 1672   1380  rundll32.exe  1672         rundll32.exe
PID 1380 wrote to memory of 1672   1380  rundll32.exe  1672         rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID 1380)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  Child: C:\Windows\SysWOW64\rundll32.exe (PID 1672)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2fe8d2516d2bf0efe9a5d4ff731d05f165a7aa1e97cc19c680e2036b3a29613f.dll,#1