Analysis
max time kernel: 435s
max time network: 438s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 26-10-2022 23:52

Static task: static1
Behavioral task: behavioral1
Sample: 0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked.dll
Resource: win7-20220812-en
Platform: windows7-x64
3 signatures
600 seconds
General
Target: 0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked.dll
Size: 89KB
MD5: ffc592251858b76abc3db0dbfe7a078d
SHA1: 48735504d3dd1444f326862a8725fe380818fbcd
SHA256: 1f7c992588a82d6bec0f5dd1b5de60c3bb937797e8c78c9d11a7cd4313baadf9
SHA512: 5c24bc0dbd2024cec9390430f0d2b91f8ad97b71ff08d39ac339aac3b4f25c178cde0769785f812b6537ae4c2d94773c48936bbd942e97cfc057dd8b9ad4b20f
SSDEEP: 1536:D5LMc5TFyZiEK6wwicirXrc0dbYdmGNu0CPFDNIWvsZr2TVsaPO:2c5TFyZirXQh9CNDNIW55O
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
    pid   process
    1364  rundll32.exe
    1364  rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
    description                       pid   process       target process
    PID 1996 wrote to memory of 1364  1996  rundll32.exe  rundll32.exe
    PID 1996 wrote to memory of 1364  1996  rundll32.exe  rundll32.exe
    PID 1996 wrote to memory of 1364  1996  rundll32.exe  rundll32.exe
    PID 1996 wrote to memory of 1364  1996  rundll32.exe  rundll32.exe
    PID 1996 wrote to memory of 1364  1996  rundll32.exe  rundll32.exe
    PID 1996 wrote to memory of 1364  1996  rundll32.exe  rundll32.exe
    PID 1996 wrote to memory of 1364  1996  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e61ecd0aad87a72d36bc10288303292859a800d2237ac9c32755d9e455e87e2_unpacked.dll,#1
    - Suspicious use of SetWindowsHookEx