Analysis
max time kernel: 6s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 21-10-2022 19:32
Static task: static1
Behavioral task: behavioral1
Sample: c95e77348941c858df79b1b0ce1629608e036ef6ac60381eb34c5f376f74f67c.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: c95e77348941c858df79b1b0ce1629608e036ef6ac60381eb34c5f376f74f67c.dll
Size: 553KB
MD5: 50afbaf71a3cddeef648dbaa4ebb718b
SHA1: 4ef0f6910d7694011eab819036fe5356dd07e1b0
SHA256: c95e77348941c858df79b1b0ce1629608e036ef6ac60381eb34c5f376f74f67c
SHA512: 55a9829ce975b5ce3b1a54aaa44fa8da3c7608a09eac090c1974a840660c0f8f1d0998ab69a768311be29d3d55057cc43dff7367b67265db868822c4536a1e28
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0E:jDgtfRQUHPw06MoV2nwTBlhm8s
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid    process         target process
PID 1388 wrote to memory of 368    1388   rundll32.exe    rundll32.exe
PID 1388 wrote to memory of 368    1388   rundll32.exe    rundll32.exe
PID 1388 wrote to memory of 368    1388   rundll32.exe    rundll32.exe
PID 1388 wrote to memory of 368    1388   rundll32.exe    rundll32.exe
PID 1388 wrote to memory of 368    1388   rundll32.exe    rundll32.exe
PID 1388 wrote to memory of 368    1388   rundll32.exe    rundll32.exe
PID 1388 wrote to memory of 368    1388   rundll32.exe    rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c95e77348941c858df79b1b0ce1629608e036ef6ac60381eb34c5f376f74f67c.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1388
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c95e77348941c858df79b1b0ce1629608e036ef6ac60381eb34c5f376f74f67c.dll,#12
PID: 368