Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 31/10/2022, 22:51
Static task
- static1
Behavioral task
- behavioral1
- Sample: 40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901.dll
- Resource: win7-20220812-en
Behavioral task
- behavioral2
- Sample: 40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901.dll
- Resource: win10v2004-20220901-en
General
- Target: 40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901.dll
- Size: 736KB
- MD5: a145dc31e3accf25664dd91d2eff6458
- SHA1: d97c99bf29d89987d102947c0f36f4c1d5d43cfc
- SHA256: 40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901
- SHA512: cfd92694301151a4b25b645835dbebcded86632684ce397d352558dfa9984a6b3c22adb4468daef18624fd947473c0de7bc2918b409616101662d0a3c4388314
- SSDEEP: 12288:Zbm39NuDQwXvSaEkBr8sIkDbh2modm/Dzheaj:Zi39NQQIvSDkR8nkR2modm7zheM
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  2012 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1800 wrote to memory of 2012 | 1800 | rundll32.exe | 28
  PID 1800 wrote to memory of 2012 | 1800 | rundll32.exe | 28
  PID 1800 wrote to memory of 2012 | 1800 | rundll32.exe | 28
  PID 1800 wrote to memory of 2012 | 1800 | rundll32.exe | 28
  PID 1800 wrote to memory of 2012 | 1800 | rundll32.exe | 28
  PID 1800 wrote to memory of 2012 | 1800 | rundll32.exe | 28
  PID 1800 wrote to memory of 2012 | 1800 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40224b10f6543ea1a26bffadfe91c22233b2828118203cbd81b528c2fd592901.dll,#1
  - Suspicious use of SetWindowsHookEx
  PID:2012