Analysis
max time kernel: 124s
max time network: 139s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 13:17
Static task: static1
Behavioral task: behavioral1
  Sample: 030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll
  Resource: win10v2004-20220901-en
General
Target: 030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll
Size: 489KB
MD5: 1aea9113ae5e60e3f5494d4e34fb113d
SHA1: d6512ec1ed1b046256a2d1d45c1c61e1d6c96140
SHA256: f524cdc6225f17080cbfef59486da73a75a3eb5814e12fae029e7b53418f18df
SHA512: ba1839206ecfd1e1ce8e676cfaad58d077eb91059bb683fab60e70e8a11a064c19eb70f9b7164d0b2f5fd4848e72eb5c17c6bad9d939fe649af5cf2ff07c589b
SSDEEP: 6144:ayIyWeddvZz2Kxn2ZJUa5Vmp9GGlyxHb4Ja/U:7vdVR9Ha52G+qHb4E/U
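One check worth running before pivoting on this report: the Target file is named after a SHA256 (030aedf4...de0d76), but the SHA256 the sandbox computed for what it actually analysed is f524cdc6...f18df, so the two do not describe the same bytes. The helper below is an added example, not code from the sandbox; it parses the General block as pasted from this page (constructed input), recomputes MD5/SHA1/SHA256/SHA512 for a local copy of a sample, and reports both the per-hash match and whether the filename hash is the hash of the data. The ssdeep value is left out because it needs a non-standard library.

```python
import hashlib
import re

# The General block of the report, pasted in as constructed input for the parser.
REPORT_GENERAL = """\
Target 030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll
Size 489KB
MD5 1aea9113ae5e60e3f5494d4e34fb113d
SHA1 d6512ec1ed1b046256a2d1d45c1c61e1d6c96140
SHA256 f524cdc6225f17080cbfef59486da73a75a3eb5814e12fae029e7b53418f18df
SHA512 ba1839206ecfd1e1ce8e676cfaad58d077eb91059bb683fab60e70e8a11a064c19eb70f9b7164d0b2f5fd4848e72eb5c17c6bad9d939fe649af5cf2ff07c589b
"""

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")
SHA256_RE = re.compile(r"^([0-9a-f]{64})")


def parse_general(text):
    """Turn 'KEY value' or 'KEY: value' lines into a dict keyed by lower-case field name."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(\w+)\s*:?\s+(.+?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields


def compute_hashes(data):
    """Hex digests of the sample bytes for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def filename_hash_matches_report(report):
    """Does the 64-hex-digit prefix of the Target name equal the report's own SHA256
    field?  For the block above this is False: the name is not the hash of what was
    analysed, so it must not be used as the sample's identifier."""
    m = SHA256_RE.match(report.get("target", "").lower())
    return bool(m) and m.group(1) == report.get("sha256", "").lower()


def verify_sample(data, report):
    """Compare a local copy of the sample against the report; one bool per check."""
    computed = compute_hashes(data)
    result = {algo: computed[algo] == report.get(algo, "").lower() for algo in HASH_ALGOS}
    m = SHA256_RE.match(report.get("target", "").lower())
    result["filename_is_sha256_of_data"] = bool(m) and m.group(1) == computed["sha256"]
    return result


if __name__ == "__main__":
    report = parse_general(REPORT_GENERAL)
    print("filename hash == report SHA256:", filename_hash_matches_report(report))
```

With a real copy of the DLL, read its bytes and pass them to verify_sample together with parse_general(REPORT_GENERAL); every value in the result should be True before any indicator from this page is attached to that file.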
Malware Config
Signatures
Blocklisted process makes network request (5 IoCs)
  flow  pid   process
  1     1356  rundll32.exe
  2     1356  rundll32.exe
  4     1356  rundll32.exe
  5     1356  rundll32.exe
  6     1356  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   process       target process
  PID 1308 wrote to memory of 1356  1308  rundll32.exe  rundll32.exe
  (the same row appears 7 times in the report)
Processes
C:\Windows\system32\rundll32.exe (PID 1308)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe (PID 1356, child of 1308)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll,#1
      signatures: Blocklisted process makes network request
The ",#1" suffix on both command lines tells rundll32 to call the DLL's export with ordinal 1.
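Reading the tree: the 64-bit System32 rundll32.exe spawns the SysWOW64 copy with an identical command line, which is what happens when rundll32 on an x64 host is handed a 32-bit DLL (the task is tagged arch:x86 as well as arch:x64), and the seven writes from 1308 into 1356 are the parent writing into that child. The behaviour that deserves the attention is the SysWOW64 rundll32 (1356) making network requests while hosting a DLL loaded from a user-writable %TEMP% path. The following added example, mine rather than the sandbox's code, applies that triage over a constructed event list that mirrors the report; the event record shape and the list of user-writable directories are assumptions of the example.

```python
from collections import Counter, defaultdict

# Command line shared by both rundll32 instances in the report (",#1" = export ordinal 1).
CMDLINE = (r"rundll32.exe C:\Users\Admin\AppData\Local\Temp"
           r"\030aedf498ee37fc9722238e43fd39f5cb984f0e6a86915d30eda69921de0d76.dll,#1")

# Constructed event list mirroring the report's process tree and signatures.  The
# record shape (type/pid/ppid/image/cmdline/target_pid/flow) is this example's own
# assumption, not the sandbox's export format.
EVENTS = [
    {"type": "ProcessCreate", "pid": 1308, "ppid": 700,
     "image": r"C:\Windows\system32\rundll32.exe", "cmdline": CMDLINE},
    {"type": "ProcessCreate", "pid": 1356, "ppid": 1308,
     "image": r"C:\Windows\SysWOW64\rundll32.exe", "cmdline": CMDLINE},
    *[{"type": "ProcessWrite", "pid": 1308, "target_pid": 1356} for _ in range(7)],
    *[{"type": "NetworkConnect", "pid": 1356, "flow": f} for f in (1, 2, 4, 5, 6)],
]

# Directories a standard user can write to; a DLL hosted from one of these by
# rundll32 is a staging pattern worth escalating.  Assumed list, extend as needed.
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\users\public", r"\programdata")


def dll_from_cmdline(cmdline):
    """rundll32 syntax is 'rundll32.exe <dll>,<entry> [args]'; return the <dll> part."""
    parts = cmdline.split(None, 1)
    if len(parts) < 2:
        return ""
    return parts[1].split(",", 1)[0].strip().strip('"')


def is_wow64_handoff(parent, child):
    """Heuristic for the x64 -> x86 rundll32 relaunch: System32 parent, SysWOW64 child,
    direct parent/child relation and an identical command line.  A sample could mimic
    this pair, so a match lowers severity rather than suppressing the finding."""
    return (parent["image"].lower().endswith(r"\system32\rundll32.exe")
            and child["image"].lower().endswith(r"\syswow64\rundll32.exe")
            and child["ppid"] == parent["pid"]
            and child["cmdline"] == parent["cmdline"])


def triage(events):
    """Return findings for cross-process writes and for rundll32 network activity."""
    procs = {e["pid"]: e for e in events if e["type"] == "ProcessCreate"}
    writes = Counter((e["pid"], e["target_pid"]) for e in events if e["type"] == "ProcessWrite")
    flows = defaultdict(list)
    for e in events:
        if e["type"] == "NetworkConnect":
            flows[e["pid"]].append(e["flow"])

    findings = []
    for (src, dst), count in writes.items():
        parent, child = procs.get(src), procs.get(dst)
        if parent and child and is_wow64_handoff(parent, child):
            findings.append({"kind": "wow64_handoff", "severity": "info",
                             "src": src, "dst": dst, "count": count})
        else:
            findings.append({"kind": "cross_process_write", "severity": "high",
                             "src": src, "dst": dst, "count": count})

    for pid, flow_ids in flows.items():
        proc = procs.get(pid)
        if proc is None or not proc["image"].lower().endswith("rundll32.exe"):
            continue
        dll = dll_from_cmdline(proc["cmdline"])
        staged = any(marker in dll.lower() for marker in USER_WRITABLE)
        findings.append({"kind": "rundll32_network", "severity": "high" if staged else "medium",
                         "pid": pid, "dll": dll, "flows": sorted(flow_ids),
                         "dll_in_user_writable_path": staged})
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

Run against the constructed events this yields one "info" finding for the 1308 to 1356 writes and one "high" finding for PID 1356's five flows with the DLL under AppData\Local\Temp; a write from 1308 into any process that is not its same-command-line SysWOW64 rundll32 child comes back as "cross_process_write" instead.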