Analysis
- max time kernel: 30s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
- submitted: 21-11-2022 17:21
Static task: static1
Behavioral task: behavioral1
- Sample: f665f0a2d2a3bc7e0ae5ac03bf1eb6b95000e8dc91de0f6c7c1686e25fefd79d.dll
- Resource: win7-20221111-en (windows7-x64)
- 2 signatures
- 150 seconds
General
- Target: f665f0a2d2a3bc7e0ae5ac03bf1eb6b95000e8dc91de0f6c7c1686e25fefd79d.dll
- Size: 504KB
- MD5: 1674d14c8bf8f3839fb8ec8a288f6e20
- SHA1: 79719d869e9ecd4fe877894a3fa10705adb6d1f6
- SHA256: f665f0a2d2a3bc7e0ae5ac03bf1eb6b95000e8dc91de0f6c7c1686e25fefd79d
- SHA512: 8a37bf1db86cbbf455170a7a189ae4dfc06052b16f93b3c24f2bb1d16e16cdb4ec8299b58d459419d8d8d2c0df649440a7faa6b100f04ddc4f0bea6489aa8af3
- SSDEEP: 3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDk:o6C5AXbMn7UI1FoV2gwTBlrIckPO
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

  description                        pid   process       target process
  PID 2044 wrote to memory of 2016   2044  rundll32.exe  rundll32.exe
  PID 2044 wrote to memory of 2016   2044  rundll32.exe  rundll32.exe
  PID 2044 wrote to memory of 2016   2044  rundll32.exe  rundll32.exe
  PID 2044 wrote to memory of 2016   2044  rundll32.exe  rundll32.exe
  PID 2044 wrote to memory of 2016   2044  rundll32.exe  rundll32.exe
  PID 2044 wrote to memory of 2016   2044  rundll32.exe  rundll32.exe
  PID 2044 wrote to memory of 2016   2044  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f665f0a2d2a3bc7e0ae5ac03bf1eb6b95000e8dc91de0f6c7c1686e25fefd79d.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2044
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f665f0a2d2a3bc7e0ae5ac03bf1eb6b95000e8dc91de0f6c7c1686e25fefd79d.dll,#1
    PID: 2016