Analysis
max time kernel: 578s
max time network: 591s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 26-10-2022 23:20
Behavioral task: behavioral1
Sample: a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked.dll
Resource: win10v2004-20220812-en
General
Target: a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked.dll
Size: 119KB
MD5: 959ff528ddbee66e49992cd654d41bab
SHA1: 7b54da1fb2cbe877b13de309c01a7112224e1f40
SHA256: a3c14b0b4756017ee248d0fa029196060ca1f75a1fab7e9d81c74fbaac6a4797
SHA512: ef0852311f23f255624c31f320847b5d6ea2da86d81e0693207444b39b73a0f58a0e3f847c585e1a734dc902b1a429c53e193f742e81a60399ac061e76623b54
SSDEEP: 3072:ZqZol+l/2YQ8S6/aI34vxV7W4LgW3DQumyKBLGMzJo:sugl/nQS3ExV7lkWrKBCMz
Malware Config
Signatures
Blocklisted process makes network request 25 IoCs
Processes:
rundll32.exe
flow  pid   process
3     2004  rundll32.exe
4     2004  rundll32.exe
6     2004  rundll32.exe
7     2004  rundll32.exe
8     2004  rundll32.exe
9     2004  rundll32.exe
11    2004  rundll32.exe
12    2004  rundll32.exe
13    2004  rundll32.exe
18    2004  rundll32.exe
19    2004  rundll32.exe
22    2004  rundll32.exe
24    2004  rundll32.exe
27    2004  rundll32.exe
28    2004  rundll32.exe
29    2004  rundll32.exe
30    2004  rundll32.exe
31    2004  rundll32.exe
33    2004  rundll32.exe
34    2004  rundll32.exe
35    2004  rundll32.exe
36    2004  rundll32.exe
37    2004  rundll32.exe
38    2004  rundll32.exe
40    2004  rundll32.exe
Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes:
rundll32.exepid process 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe 2004 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                      pid  process       target process
PID 948 wrote to memory of 2004  948  rundll32.exe  rundll32.exe
PID 948 wrote to memory of 2004  948  rundll32.exe  rundll32.exe
PID 948 wrote to memory of 2004  948  rundll32.exe  rundll32.exe
PID 948 wrote to memory of 2004  948  rundll32.exe  rundll32.exe
PID 948 wrote to memory of 2004  948  rundll32.exe  rundll32.exe
PID 948 wrote to memory of 2004  948  rundll32.exe  rundll32.exe
PID 948 wrote to memory of 2004  948  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef_unpacked.dll,#12⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses