Analysis
max time kernel: 38s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 21-10-2022 19:33
Static task: static1
Behavioral task: behavioral1
Sample: 8af5966054f9fd334c5cf9cb6963110f48f7e12ba3fdf9c241c8fea25b4c6404.dll
Resource: win7-20220812-en
2 signatures
150 seconds
General
Target: 8af5966054f9fd334c5cf9cb6963110f48f7e12ba3fdf9c241c8fea25b4c6404.dll
Size: 658KB
MD5: 41179d5a015d0ebd0b69054a7e0e00f0
SHA1: 0a6e0e9550e1c6375bd7541a94a5618c8afa3fe0
SHA256: 8af5966054f9fd334c5cf9cb6963110f48f7e12ba3fdf9c241c8fea25b4c6404
SHA512: 92e8f815f6b190033dbfa251862dc5156c34b35c38a5f4a7a8e6c040f23be68af35f9bc6ac15aa04cbb9c24602047bbc866571c2adacb11108873a9a79e557be
SSDEEP: 3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0D:jDgtfRQUHPw06MoV2nwTBlhm87
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1104 wrote to memory of 1620 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 1620 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 1620 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 1620 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 1620 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 1620 | 1104 | rundll32.exe | rundll32.exe
PID 1104 wrote to memory of 1620 | 1104 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8af5966054f9fd334c5cf9cb6963110f48f7e12ba3fdf9c241c8fea25b4c6404.dll,#1
- Suspicious use of WriteProcessMemory
PID:1104
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8af5966054f9fd334c5cf9cb6963110f48f7e12ba3fdf9c241c8fea25b4c6404.dll,#1
    PID:1620