Analysis
- max time kernel: 33s
- max time network: 41s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 21-10-2022 19:32

Static task: static1
Behavioral task: behavioral1
Sample: db145e9a4a25c814bad5249b7f2ec7dbc516a04aed1cdc635981973648d59e2e.dll
Resource: win7-20220812-en
2 signatures, 150 seconds
General
- Target: db145e9a4a25c814bad5249b7f2ec7dbc516a04aed1cdc635981973648d59e2e.dll
- Size: 327KB
- MD5: 28bd3ee81e7d86fb9ee20d6ed602dc34
- SHA1: ceb360aa21f27336e8d304038cedf6ce0cad2549
- SHA256: db145e9a4a25c814bad5249b7f2ec7dbc516a04aed1cdc635981973648d59e2e
- SHA512: 30d44487ac8c2464718cd98ded30741a715a5aaf7ed8cc07ffb41ce3893349b800e463cbb916108fe2d981e80f462555e199b52e294fa3bc5c35399d5405c4b5
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0l:jDgtfRQUHPw06MoV2nwTBlhm8N
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description         source PID  source process  target PID  target process
  wrote to memory of  1928        rundll32.exe    1704        rundll32.exe
  (the same row is recorded 7 times: every hit is PID 1928 writing into PID 1704)
Processes
- C:\Windows\system32\rundll32.exe (PID 1928)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\db145e9a4a25c814bad5249b7f2ec7dbc516a04aed1cdc635981973648d59e2e.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1704, child of 1928)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\db145e9a4a25c814bad5249b7f2ec7dbc516a04aed1cdc635981973648d59e2e.dll,#1

Reading the tree: the 64-bit rundll32.exe from system32 spawns the 32-bit copy from SysWOW64 with the identical command line. That pattern is consistent with rundll32's own hand-off when the DLL's architecture does not match the host's, in which case the DLL's entry point (#1, an export called by ordinal rather than by name) runs in PID 1704, not 1928. The seven writes from 1928 into 1704 are made by a parent into a child it has just created; the report alone does not show whether they go beyond ordinary process-creation plumbing, so they are not by themselves evidence of code injection.
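The checks a detection engineer would run over this process tree, as an added example that is not part of the sandbox report: the records below are constructed from the two rundll32 launches above (their images, PIDs and command lines); the parent PID of 1928 is an assumed placeholder, since the report does not show what started it. The triage flags a DLL staged under the user's Temp directory, an entry point given by ordinal, and the system32-to-SysWOW64 rundll32 hand-off that marks which PID actually executes the DLL. The regex and the hand-off heuristic are this example's own, not the sandbox's rules.

```python
import re

# Constructed process-creation records modelled on the rundll32 process tree in the
# report above (images, PIDs and command lines are the report's; the parent PID of
# 1928 is an assumed placeholder, since the report does not show what launched it).
DLL = r"C:\Users\Admin\AppData\Local\Temp\db145e9a4a25c814bad5249b7f2ec7dbc516a04aed1cdc635981973648d59e2e.dll"
RECORDS = [
    {"pid": 1928, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": "rundll32.exe " + DLL + ",#1"},
    {"pid": 1704, "ppid": 1928, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": "rundll32.exe " + DLL + ",#1"},
]

# rundll32 command-line syntax: rundll32[.exe] <dll>,<entry>, where <entry> is an
# export name or #<ordinal>. Handles quoted or unquoted DLL paths without embedded spaces.
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+'  # optionally pathed rundll32 token
    r'"?(?P<dll>[^",]+?)"?\s*,\s*'                  # DLL path up to the separating comma
    r'(?P<entry>\S+)',                              # export name or #ordinal
    re.IGNORECASE,
)
USER_TEMP_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\Local\\Temp\\', re.IGNORECASE)


def parse_rundll32(cmdline):
    """Return (dll_path, entry_point) for a rundll32 launch, else None."""
    m = RUNDLL32_RE.match(cmdline)
    if m is None:
        return None
    return m.group("dll"), m.group("entry")


def is_wow64_handoff(parent, child, dll):
    """True when a system32 rundll32.exe spawned a SysWOW64 rundll32.exe for the same DLL."""
    parsed_parent = parse_rundll32(parent["cmdline"])
    return (
        parent["image"].lower().endswith(r"\system32\rundll32.exe")
        and child["image"].lower().endswith(r"\syswow64\rundll32.exe")
        and parsed_parent is not None
        and parsed_parent[0].lower() == dll.lower()
    )


def triage(records):
    """Map each rundll32 PID to its DLL, entry point and the findings raised on it."""
    by_pid = {r["pid"]: r for r in records}
    results = {}
    for r in records:
        parsed = parse_rundll32(r["cmdline"])
        if parsed is None:
            continue  # not a rundll32 launch; out of scope for this check
        dll, entry = parsed
        findings = []
        if USER_TEMP_RE.search(dll):
            findings.append("dll_in_user_temp")    # DLL staged under the user's Temp
        if entry.startswith("#"):
            findings.append("ordinal_entrypoint")  # export called by number, not name
        parent = by_pid.get(r["ppid"])
        if parent is not None and is_wow64_handoff(parent, r, dll):
            # The child, not the parent, is the process that runs the DLL's code.
            findings.append("wow64_handoff_from_parent_%d" % parent["pid"])
        results[r["pid"]] = {"dll": dll, "entry": entry, "findings": findings}
    return results


if __name__ == "__main__":
    for pid, info in triage(RECORDS).items():
        print(pid, info["entry"], info["findings"])
```

Run against the constructed records, both PIDs are flagged for the Temp-staged DLL and the ordinal entry point, and only PID 1704 carries the hand-off finding, which is the PID to pivot on when pulling memory dumps or network activity from a fuller trace.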