Analysis
-
max time kernel
424s -
max time network
427s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
27-10-2022 00:07
Behavioral task
behavioral1
Sample
3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked.dll
Resource
win7-20220812-en
windows7-x64
2 signatures
600 seconds
General
-
Target
3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked.dll
-
Size
151KB
-
MD5
215deda6c849d1c2da60253d35ee9e09
-
SHA1
4136b0341013085b16aa6c5568506b14fa88f40e
-
SHA256
b72d412ba4cebb19928816d686b9ef214cbe4e843a4f0760ea1364260595ada8
-
SHA512
9056727a55a98f486f2d9d7815ed5bc2d45d15d5fa0057913b5ce2b35a1dcff74f01f7bf7ee516f460ab98ebc061f20f4b66aaf8bde12c0a675523337a3b0fef
-
SSDEEP
3072:DsajR3l2w1I4c2CtZIwGC2qlalXnuQRAja1dLouddR6d702+ENQzLDgsf5WS:DVR1/gD94qlal+jE8uddkd70B9f/
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1764 wrote to memory of 1956 | 1764 | rundll32.exe | rundll32.exe
PID 1764 wrote to memory of 1956 | 1764 | rundll32.exe | rundll32.exe
PID 1764 wrote to memory of 1956 | 1764 | rundll32.exe | rundll32.exe
PID 1764 wrote to memory of 1956 | 1764 | rundll32.exe | rundll32.exe
PID 1764 wrote to memory of 1956 | 1764 | rundll32.exe | rundll32.exe
PID 1764 wrote to memory of 1956 | 1764 | rundll32.exe | rundll32.exe
PID 1764 wrote to memory of 1956 | 1764 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3953faf955eede8c2220a501a0bc58be7fe58898ecb66a44d4373d2259dc69ff_unpacked.dll,#12