Analysis

max time kernel: 48s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 08-11-2022 16:16

Static task: static1

Behavioral task: behavioral1
Sample: 74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872.dll
Resource: win7-20220901-en (windows7-x64)
2 signatures, 150 seconds

General
Target: 74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872.dll
Size: 486KB
MD5: 032928848596677ee373af532466e560
SHA1: fd295d4757a30ff8448c2b65ab4b433f97412558
SHA256: 74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872
SHA512: 83fd62e8c19c6ccbffd048b69e06de5e1570c194fb0551232a054e2559d28bbd2c1622dadb388494af708d4103b7700818ae1c307f592da5aabc38c7f2b470f2
SSDEEP: 3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZD0:o6C5AXbMn7UI1FoV2gwTBlrIckPe
Malware Config
Signatures

Suspicious use of WriteProcessMemory (7 IoCs)

description                        pid    Process       procid_target
PID 1376 wrote to memory of 840    1376   rundll32.exe  26
PID 1376 wrote to memory of 840    1376   rundll32.exe  26
PID 1376 wrote to memory of 840    1376   rundll32.exe  26
PID 1376 wrote to memory of 840    1376   rundll32.exe  26
PID 1376 wrote to memory of 840    1376   rundll32.exe  26
PID 1376 wrote to memory of 840    1376   rundll32.exe  26
PID 1376 wrote to memory of 840    1376   rundll32.exe  26
Processes

C:\Windows\system32\rundll32.exe (PID 1376)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872.dll,#1
  signature: Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe (PID 840)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872.dll,#1
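The only behavioural signal in this report is the seven WriteProcessMemory events from PID 1376 to PID 840, and the process tree shows what they are: the 64-bit System32 rundll32.exe spawned the 32-bit SysWOW64 rundll32.exe with an identical command line, which is what happens when a 32-bit DLL is handed to the 64-bit rundll32 (the parent writes into the child as part of creating it). The following Python is an added example, not part of the report or the sandbox vendor's tooling: it parses the flattened IoC rows as they appear above, counts writes per (writer, target) pair, and labels a pair as a WoW64 re-exec when the parent/child images and command lines match that pattern. The IoC text and process table are copied from the report; the regex, the `is_wow64_reexec` heuristic and the "unexplained" label are this example's own assumptions. Nothing in the report says what the DLL's ordinal #1 export did once loaded, so the example deliberately stops at classifying the observed writes.

```python
"""Summarise the 'Suspicious use of WriteProcessMemory' rows of a sandbox
report and test whether they are explained by a WoW64 rundll32 re-exec.

Added example; not code from the report or the sandbox vendor. The regex and
the re-exec heuristic are assumptions made here for illustration.
"""
import re
from collections import Counter

# The flattened IoC table exactly as the report prints it (constructed copy of
# the page's text; the same row appears seven times in the original).
IOC_TEXT = ("PID 1376 wrote to memory of 840 1376 rundll32.exe 26 " * 7).strip()

# Process tree from the report: pid -> (image path, command line).
DLL = r"C:\Users\Admin\AppData\Local\Temp\74c552c675f34d912318851bc7b5ccb8791ac35d70e55801ccdcb867ba987872.dll"
PROCESSES = {
    1376: (r"C:\Windows\system32\rundll32.exe", "rundll32.exe " + DLL + ",#1"),
    840:  (r"C:\Windows\SysWOW64\rundll32.exe", "rundll32.exe " + DLL + ",#1"),
}

# One IoC row: "PID <pid> wrote to memory of <target> <pid> <process> <procid_target>"
ROW_RE = re.compile(
    r"PID (?P<pid>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid_again>\d+) (?P<process>\S+) (?P<procid_target>\d+)"
)


def parse_rows(text):
    """Turn the flattened row text into a list of dicts, one per IoC."""
    rows = []
    for m in ROW_RE.finditer(text):
        rows.append({
            "pid": int(m["pid"]),
            "target": int(m["target"]),
            "process": m["process"],
            "procid_target": int(m["procid_target"]),
        })
    return rows


def write_counts(rows):
    """Number of WriteProcessMemory events per (writer pid, target pid)."""
    return Counter((r["pid"], r["target"]) for r in rows)


def is_wow64_reexec(parent_pid, child_pid, procs):
    """Heuristic (this example's assumption): a System32 rundll32 that spawned a
    SysWOW64 rundll32 with the identical command line is the 64-bit host
    re-launching its 32-bit counterpart to load a 32-bit DLL."""
    parent_img, parent_cmd = procs[parent_pid]
    child_img, child_cmd = procs[child_pid]
    return (parent_img.lower().endswith(r"\system32\rundll32.exe")
            and child_img.lower().endswith(r"\syswow64\rundll32.exe")
            and parent_cmd == child_cmd)


def triage(text, procs):
    """Return [(writer, target, count, label)] for every writer/target pair.
    Pairs not explained by the re-exec heuristic are labelled 'unexplained'
    and would deserve a closer look (injection into an unrelated process)."""
    findings = []
    for (src, dst), n in write_counts(parse_rows(text)).items():
        label = "wow64-reexec" if is_wow64_reexec(src, dst, procs) else "unexplained"
        findings.append((src, dst, n, label))
    return findings


if __name__ == "__main__":
    for src, dst, n, label in triage(IOC_TEXT, PROCESSES):
        print(f"{src} -> {dst}: {n} WriteProcessMemory event(s), {label}")
```

Running it on the report's rows yields a single pair, 1376 -> 840 with 7 writes, labelled wow64-reexec. The useful output of the same check on a different report is any pair that comes back "unexplained": a rundll32 writing into a process it did not create with the same command line is the case the signature is really meant to surface.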