Analysis
max time kernel: 413s
max time network: 416s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 27-10-2022 00:07
Behavioral task: behavioral1
Sample: 3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked.dll
Resource: win7-20220901-en, windows7-x64
2 signatures
600 seconds
General
Target: 3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked.dll
Size: 154KB
MD5: 47ff8d660f5e9f9f3fe90f1e87403538
SHA1: 07238187fe576b022a149172cb1653625c377cd2
SHA256: ffde622e1ebf2ded6fe1ad3e22a1ea11c3b3944eac2278277ca186facc4457bf
SHA512: 571a5220f2757b872a63b4c42b5682fdfbc8bd391522d0d4eef611b55a5ca0c6a2253ee1075f260ad2db083722bb63d18aa02f2d6d76d4f5f604217be5aea375
SSDEEP: 3072:FOt39ZNj9tlzA458K4cs04gZqNWFzSPeuwDqlalXn/fDXqJj0oy9oV13:ytZN9gCs0uNWFziwDqlalvDqJd
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1604 wrote to memory of 1156 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 1156 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 1156 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 1156 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 1156 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 1156 | 1604 | rundll32.exe | rundll32.exe
PID 1604 wrote to memory of 1156 | 1604 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked.dll,#12