Analysis
max time kernel: 26s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 23:21
Behavioral task: behavioral1
Sample: 0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll
Resource: win10v2004-20220901-en
General
Target: 0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll
Size: 170KB
MD5: 44f16435d573f1df05091576f434d5e0
SHA1: 2801909c1b907d2f7d70ff67cdf04246236e4eba
SHA256: 0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900
SHA512: d74c7e0a553a19ceb4df8486dc7ee1e8400cba5de64bcdb93a89328b9956aa0d8ebd2b43fcebd4319f98f3ddde1e802e8ae5ad899ba45fa3340ea551d8903aa8
SSDEEP: 3072:UTtvejdXwDj5cciTeLOjRrJyRQFmHftiqibIojqlfI1+EWvqj:C2XPbGO1JSIwftiqisoelfVa
Malware Config
Signatures
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
Processes:
  pid   process
  1836  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description                    pid  process       target process
  PID 668 wrote to memory of 1836  668  rundll32.exe  rundll32.exe
  PID 668 wrote to memory of 1836  668  rundll32.exe  rundll32.exe
  PID 668 wrote to memory of 1836  668  rundll32.exe  rundll32.exe
  PID 668 wrote to memory of 1836  668  rundll32.exe  rundll32.exe
  PID 668 wrote to memory of 1836  668  rundll32.exe  rundll32.exe
  PID 668 wrote to memory of 1836  668  rundll32.exe  rundll32.exe
  PID 668 wrote to memory of 1836  668  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll,#1
  PID: 668
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (child of PID 668)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0051ec3ce24a724331f265b85a547e56199e3553aaae3fb652b66400ca599900.dll,#1
    PID: 1836
    Suspicious use of NtSetInformationThreadHideFromDebugger