Analysis
max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags
arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
submitted
07-11-2022 15:05
Static task
static1
Behavioral task
behavioral1
Sample
ae6adc1eba5ad2969dd0adeda3e771896fffbbe3a0e85aeb5c6ca5add0dae96e.dll
Resource
win7-20220901-en
windows7-x64
2 signatures
150 seconds
General
Target
ae6adc1eba5ad2969dd0adeda3e771896fffbbe3a0e85aeb5c6ca5add0dae96e.dll
Size
281KB
MD5
0eff627815250b5ba9cd81f7cc242f80
SHA1
8f1ecb9fca574e205584cb4cb1ec693537deec01
SHA256
ae6adc1eba5ad2969dd0adeda3e771896fffbbe3a0e85aeb5c6ca5add0dae96e
SHA512
17d43acadbda78254f371d7d1506af3846c7c11d3bc43d20c8b67de8d1a68819d9928795dd9d720b1a8add5d70972b5890a3424e5e245441647711b7b9da2a48
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0R:jDgtfRQUHPw06MoV2nwTBlhm8J
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1900 wrote to memory of 2024 | 1900 | rundll32.exe | 27
PID 1900 wrote to memory of 2024 | 1900 | rundll32.exe | 27
PID 1900 wrote to memory of 2024 | 1900 | rundll32.exe | 27
PID 1900 wrote to memory of 2024 | 1900 | rundll32.exe | 27
PID 1900 wrote to memory of 2024 | 1900 | rundll32.exe | 27
PID 1900 wrote to memory of 2024 | 1900 | rundll32.exe | 27
PID 1900 wrote to memory of 2024 | 1900 | rundll32.exe | 27
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae6adc1eba5ad2969dd0adeda3e771896fffbbe3a0e85aeb5c6ca5add0dae96e.dll,#11
- Suspicious use of WriteProcessMemory
PID:1900
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae6adc1eba5ad2969dd0adeda3e771896fffbbe3a0e85aeb5c6ca5add0dae96e.dll,#12
PID:2024