Analysis
-
max time kernel
43s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
31/10/2022, 22:52
Static task
static1
Behavioral task
behavioral1
Sample
088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll
Resource
win10v2004-20220812-en
General
-
Target
088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll
-
Size
11KB
-
MD5
d0f7517df08d48806a76aecd5ffa9070
-
SHA1
afa538f026fe9bb972bd3922c950e503bfab175e
-
SHA256
088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be
-
SHA512
d6777c2dc2e74321fdb25d9bb5152a1f9d32d7812fc8d6392d1a6fa420a350b77563e34aac68941e72b21689de09174f521008d0fce3203040d813a98ac7ca7d
-
SSDEEP
192:1qDTt3f7VBohrx6gDgmfDpQY5Imr53AnKpM0d+Tgj/gdGIONkV:1YTlirxZDgm7SYxGnKS0d+Tgj/gdGB
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target
PID 948 wrote to memory of 2004 948 rundll32.exe 28
PID 948 wrote to memory of 2004 948 rundll32.exe 28
PID 948 wrote to memory of 2004 948 rundll32.exe 28
PID 948 wrote to memory of 2004 948 rundll32.exe 28
PID 948 wrote to memory of 2004 948 rundll32.exe 28
PID 948 wrote to memory of 2004 948 rundll32.exe 28
PID 948 wrote to memory of 2004 948 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll,#11
- Suspicious use of WriteProcessMemory
PID:948 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\088c92fca5f0e7b3af29cdc68bc811f0bab819a2ab63f6691f9bdbe0c36df1be.dll,#12
PID:2004
-