Analysis
max time kernel: 413s
max time network: 416s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 27-10-2022 00:03
Behavioral task: behavioral1
Sample: 2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked.dll
Resource: win7-20220812-en (windows7-x64)
2 signatures
600 seconds
General
Target: 2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked.dll
Size: 146KB
MD5: 9b14a37463b58a73d05d34adf8003ef7
SHA1: 71b3581a17acc5112c4a9fcc9957ca0bdd54ab8a
SHA256: 90a75fcaa0c8da7865da027c84793cdfdef64d26d3ac7172ea8bbce2e63f4c15
SHA512: 462bb96e9359e4dec8814ec8ec8d6f96cc56f6804c488eb26a7e183e22d56f9fa97705e6ac3dba7cf9dee30da1e3326aef31be1087ba805bfe3dd77f6ba038c9
SSDEEP: 3072:pLdrePUath0c2HxGLLRQy2Ty1qlalXnGv+Zhc2t3zJnmWpH0/p:pdrezthd2HxyLRQvTgqlalJDt3zJnmWp
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                        pid  process       target process
PID 896 wrote to memory of 1952    896  rundll32.exe  rundll32.exe
PID 896 wrote to memory of 1952    896  rundll32.exe  rundll32.exe
PID 896 wrote to memory of 1952    896  rundll32.exe  rundll32.exe
PID 896 wrote to memory of 1952    896  rundll32.exe  rundll32.exe
PID 896 wrote to memory of 1952    896  rundll32.exe  rundll32.exe
PID 896 wrote to memory of 1952    896  rundll32.exe  rundll32.exe
PID 896 wrote to memory of 1952    896  rundll32.exe  rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked.dll,#1
   signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked.dll,#1