Analysis
-
max time kernel
41s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
23-11-2022 22:11
Behavioral task
behavioral1
Sample
b2243c6ec31531fa3d203720ff8beda4dfd158ad4d6f81c9a381d408f4607243.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
b2243c6ec31531fa3d203720ff8beda4dfd158ad4d6f81c9a381d408f4607243.dll
Resource
win10v2004-20220812-en
General
-
Target
b2243c6ec31531fa3d203720ff8beda4dfd158ad4d6f81c9a381d408f4607243.dll
-
Size
156KB
-
MD5
5a4283c47a3313bee9e4be963f699d41
-
SHA1
048f07d7bb93c52742b28fb1ad5f5a96ee493f14
-
SHA256
b2243c6ec31531fa3d203720ff8beda4dfd158ad4d6f81c9a381d408f4607243
-
SHA512
53f780529a4b75d24cb4ea0ab99e7c7e4437fce72799f9ffd0891816308921a8458dcec573a4d6b44bedc21b5a1b2ef77da6f3a5f9d4cbbc88c9e514628ca420
-
SSDEEP
3072:rgaZydhMp4/MUCOHu6Au+cb7mcJc0vE152YDjHlphfvs4SmNBO/jFiz:rgaQdhAH6AuLa+XSjHN8oPKw
Malware Config
Signatures
-
Processes:
resource: behavioral1/memory/1392-56-0x0000000010000000-0x0000000010067000-memory.dmp
yara_rule: vmprotect -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                      pid  process       target process
PID 972 wrote to memory of 1392  972  rundll32.exe  rundll32.exe
PID 972 wrote to memory of 1392  972  rundll32.exe  rundll32.exe
PID 972 wrote to memory of 1392  972  rundll32.exe  rundll32.exe
PID 972 wrote to memory of 1392  972  rundll32.exe  rundll32.exe
PID 972 wrote to memory of 1392  972  rundll32.exe  rundll32.exe
PID 972 wrote to memory of 1392  972  rundll32.exe  rundll32.exe
PID 972 wrote to memory of 1392  972  rundll32.exe  rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2243c6ec31531fa3d203720ff8beda4dfd158ad4d6f81c9a381d408f4607243.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:972
  └ C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2243c6ec31531fa3d203720ff8beda4dfd158ad4d6f81c9a381d408f4607243.dll,#1
      PID:1392
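Two things in this report are worth reading together before treating the WriteProcessMemory signature as injection. First, the memory dump that matched the vmprotect rule was taken from PID 1392 at base 0x10000000, which is the default preferred ImageBase most 32-bit DLL linkers emit, and the dumped region is 0x67000 bytes (412 KiB) against a 156KB file on disk. Second, the 64-bit rundll32 in system32 (PID 972) spawns the SysWOW64 rundll32 (PID 1392) with the same DLL argument, which is what rundll32 does when it is handed a 32-bit DLL, and all seven writes go from that parent into its own child. The script below is an added example, not part of the sandbox report or its vendor's tooling: it parses the flattened IoC strings exactly as they appear above (copied in as constructed input), deduplicates the seven identical events, and classifies each write using a hand-built process list whose `parent` links and the labels `rundll32-wow64-handoff`, `parent-to-child`, `cross-process` and `unknown-process` are my own assumptions. The dump sequence number (`56`) is read as a field but its meaning is not documented on the page.

```python
import re
from collections import Counter

# Constructed inputs: the IoC strings copied from the report above, not live
# sandbox output. The process records (including the parent link) are built
# by hand from the Processes section.
MEMDUMP_RESOURCE = ("behavioral1/memory/1392-56-0x0000000010000000-"
                    "0x0000000010067000-memory.dmp")
WPM_LINE = " ".join(
    ["PID 972 wrote to memory of 1392 972 rundll32.exe rundll32.exe"] * 7)
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp\b2243c6ec31531fa3d203720ff8beda4"
              r"dfd158ad4d6f81c9a381d408f4607243.dll")
PROCESSES = [
    {"pid": 972, "parent": None, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 1392, "parent": 972, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
]

# Default preferred ImageBase that most 32-bit DLL linkers use.
DEFAULT_X86_DLL_BASE = 0x10000000


def parse_memdump(resource):
    """Split a '<pid>-<n>-0x<base>-0x<end>-memory.dmp' resource name into fields.
    The middle <n> is treated as the sandbox's dump sequence number (assumption)."""
    m = re.search(r"/(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$",
                  resource, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised memory dump resource: {resource}")
    pid, seq, base, end = m.groups()
    base, end = int(base, 16), int(end, 16)
    return {"pid": int(pid), "seq": int(seq), "base": base, "end": end,
            "size": end - base,
            "at_default_x86_dll_base": base == DEFAULT_X86_DLL_BASE}


def parse_wpm_events(text):
    """Pull every 'PID a wrote to memory of b a proc target' record out of the
    flattened signature table, whatever header text precedes it."""
    pat = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")
    return [{"src_pid": int(a), "dst_pid": int(b), "pid": int(c),
             "process": d, "target": e} for a, b, c, d, e in pat.findall(text)]


def dedupe_events(events):
    """Collapse identical (source, target) writes into one edge with a count."""
    counts = Counter((e["src_pid"], e["process"], e["dst_pid"], e["target"])
                     for e in events)
    return [{"src_pid": s, "process": p, "dst_pid": d, "target": t, "count": n}
            for (s, p, d, t), n in counts.items()]


def dll_argument(cmdline):
    """Return the DLL path from 'rundll32.exe <dll>,<entry>' (lower-cased)."""
    m = re.search(r"rundll32\.exe\s+(.+?),", cmdline, re.IGNORECASE)
    return m.group(1).strip().lower() if m else None


def is_wow64_rundll32_handoff(parent, child):
    """64-bit rundll32 in system32 re-launching the SysWOW64 copy on the same DLL."""
    p, c = parent["image"].lower(), child["image"].lower()
    return (p.endswith(r"\system32\rundll32.exe")
            and c.endswith(r"\syswow64\rundll32.exe")
            and dll_argument(parent["cmdline"]) == dll_argument(child["cmdline"]))


def classify_write(edge, processes):
    """Label a WriteProcessMemory edge by its relationship to the process tree."""
    by_pid = {p["pid"]: p for p in processes}
    src, dst = by_pid.get(edge["src_pid"]), by_pid.get(edge["dst_pid"])
    if src is None or dst is None:
        return "unknown-process"
    if dst["parent"] == edge["src_pid"]:
        # The writer created the target; these writes happen during process
        # creation and are not by themselves evidence of injection.
        if is_wow64_rundll32_handoff(src, dst):
            return "rundll32-wow64-handoff"
        return "parent-to-child"
    return "cross-process"


def main():
    dump = parse_memdump(MEMDUMP_RESOURCE)
    print(f"memory dump: pid={dump['pid']} base=0x{dump['base']:x} "
          f"size=0x{dump['size']:x} ({dump['size'] // 1024} KiB) "
          f"default_x86_dll_base={dump['at_default_x86_dll_base']}")
    for edge in dedupe_events(parse_wpm_events(WPM_LINE)):
        print(f"{edge['count']}x {edge['process']}[{edge['src_pid']}] -> "
              f"{edge['target']}[{edge['dst_pid']}]: "
              f"{classify_write(edge, PROCESSES)}")


if __name__ == "__main__":
    main()
```

Run stand-alone it reports one edge, 972 -> 1392, seven times, classified as the rundll32 WOW64 hand-off, and a 412 KiB dump at the default 32-bit DLL base. A `cross-process` result (a write into a process the writer did not create) is the case that would deserve the injection reading the signature name suggests.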