Analysis
max time kernel: 79s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 12:54
Static task: static1
Behavioral task: behavioral1
  Sample: df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004.dll
  Resource: win10v2004-20220901-en
General
Target: df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004.dll
Size: 11KB
MD5: 8f1e0171da20d4fa766cefbc0b2d0b12
SHA1: de11a019d1959884d1539e8eb6a0e02dfff28c0b
SHA256: df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004
SHA512: c366d24c05a55ed92f1ee30b06634f4cca6e54c41db3320539b55984f4b0af51d75b90d807975ca53df18b0df2f072baf7c755595d75063153309e2d1cad4ba5
SSDEEP: 192:4XoNSc57tNnE0eEdMKJCBHafMoAH8biCGDowHHPFBCiGhAzzN9qdH/K0:uR67tN1mKJuAMoU8biCQopi6DdHr
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 268 wrote to memory of 1128 | 268 | rundll32.exe | rundll32.exe
PID 268 wrote to memory of 1128 | 268 | rundll32.exe | rundll32.exe
PID 268 wrote to memory of 1128 | 268 | rundll32.exe | rundll32.exe
PID 268 wrote to memory of 1128 | 268 | rundll32.exe | rundll32.exe
PID 268 wrote to memory of 1128 | 268 | rundll32.exe | rundll32.exe
PID 268 wrote to memory of 1128 | 268 | rundll32.exe | rundll32.exe
PID 268 wrote to memory of 1128 | 268 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004.dll,#11
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\df1285024b1f7cf27a70e8384cc77729d1bf0d387929a608a872594f3ae1e004.dll,#12