Analysis
max time kernel: 47s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 21-10-2022 19:32
Static task: static1
Behavioral task: behavioral1
Sample: e58b09addd9d96efe60189ace754cbfa0b22b7a4c7f2995941c127daee388b98.dll
Resource: win7-20220901-en
2 signatures
150 seconds
General
Target: e58b09addd9d96efe60189ace754cbfa0b22b7a4c7f2995941c127daee388b98.dll
Size: 246KB
MD5: 7713eb6938018847c859246bf072d9d2
SHA1: 11eba64c80d797324f06eabcc01bca880c23de95
SHA256: e58b09addd9d96efe60189ace754cbfa0b22b7a4c7f2995941c127daee388b98
SHA512: e6564fde306fdf80b912a531e295f4ec180487f6a99472c063e0a597b3c426e5590e8bc938d44205ab4fc4303526205421e52a9c46299ff3358bd4b3d15d3b69
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0Q:jDgtfRQUHPw06MoV2nwTBlhm84
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1416 wrote to memory of 1224 | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1224 | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1224 | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1224 | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1224 | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1224 | 1416 | rundll32.exe | rundll32.exe
PID 1416 wrote to memory of 1224 | 1416 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e58b09addd9d96efe60189ace754cbfa0b22b7a4c7f2995941c127daee388b98.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 1416
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e58b09addd9d96efe60189ace754cbfa0b22b7a4c7f2995941c127daee388b98.dll,#12
  PID: 1224