Analysis
-
max time kernel
46s
-
max time network
50s
-
platform
windows7_x64
-
resource
win7-20220901-en
-
resource tags
arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted
21-11-2022 17:21
Static task
static1
Behavioral task
behavioral1
Sample
6b1fc11a3e66a0eeb933b24aa199ced172a249890eaf85d90c1ef3fc395c1a3d.dll
Resource
win7-20220901-en
windows7-x64
2 signatures
150 seconds
General
-
Target
6b1fc11a3e66a0eeb933b24aa199ced172a249890eaf85d90c1ef3fc395c1a3d.dll
-
Size
982KB
-
MD5
0a59cea951a8170d66e3921177bfd91c
-
SHA1
00432636035643b4aeeb097543d2f7a75d2f4f65
-
SHA256
6b1fc11a3e66a0eeb933b24aa199ced172a249890eaf85d90c1ef3fc395c1a3d
-
SHA512
3cd2818ca629cf8f35c7bec8f7061b92cb8fa4f4694c1e33937462a953b8ac722f06c3832eff415031049dd1177fdeee6b49ba791d37ff5d6cdbd0aefddf32e0
-
SSDEEP
3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZD6:o6C5AXbMn7UI1FoV2gwTBlrIckPs
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
description                        pid   process       target process
PID 1600 wrote to memory of 1396   1600  rundll32.exe  rundll32.exe
PID 1600 wrote to memory of 1396   1600  rundll32.exe  rundll32.exe
PID 1600 wrote to memory of 1396   1600  rundll32.exe  rundll32.exe
PID 1600 wrote to memory of 1396   1600  rundll32.exe  rundll32.exe
PID 1600 wrote to memory of 1396   1600  rundll32.exe  rundll32.exe
PID 1600 wrote to memory of 1396   1600  rundll32.exe  rundll32.exe
PID 1600 wrote to memory of 1396   1600  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b1fc11a3e66a0eeb933b24aa199ced172a249890eaf85d90c1ef3fc395c1a3d.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:1600
  -
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b1fc11a3e66a0eeb933b24aa199ced172a249890eaf85d90c1ef3fc395c1a3d.dll,#1
    PID:1396