Analysis
- max time kernel: 43s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 21-10-2022 19:33
Static task: static1
Behavioral task: behavioral1
Sample: 898e8b76627caa38ed1194364ce25266defdb7c1660c2e694ad90cedb68d5d4d.dll
Resource: win7-20220901-en
2 signatures
150 seconds
General
- Target: 898e8b76627caa38ed1194364ce25266defdb7c1660c2e694ad90cedb68d5d4d.dll
- Size: 225KB
- MD5: 26013a3a43803aa4c98a86d279a11471
- SHA1: 4a1ff2844494b6618c8e431d778d84dfa67f4a21
- SHA256: 898e8b76627caa38ed1194364ce25266defdb7c1660c2e694ad90cedb68d5d4d
- SHA512: 5a2187865e59aace472ac8596304ee731c86a41b81abe942e647558a29a9194e4e54aecb1582086cc88045f09504533b57771c62bbead36b63c2683e390576bb
- SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0W:jDgtfRQUHPw06MoV2nwTBlhm8+
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
  PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
  PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
  PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
  PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
  PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
  PID 1184 wrote to memory of 2044 | 1184 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\898e8b76627caa38ed1194364ce25266defdb7c1660c2e694ad90cedb68d5d4d.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\898e8b76627caa38ed1194364ce25266defdb7c1660c2e694ad90cedb68d5d4d.dll,#12
  PID: 2044