Analysis

max time kernel: 124s
max time network: 158s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 13:17
Static task: static1

Behavioral task: behavioral1
  Sample: 0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: 0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll
  Resource: win10v2004-20220812-en
General

Target: 0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll
Size: 505KB
MD5: 9169864057eaed7f170c615ec711cb40
SHA1: db9422e6e9681effbf3eaf1fd01c9d3e5cfd5273
SHA256: 9503a7c255e4388459ec68063e49e5f6698f664a591c143b16a8cae883d7bddd
SHA512: 0077a4946a80c5e3701ffd50263638bba0b24e7f5eb38a8771e5f6c9f6d98d41c862f19431bd9030033e40fbfb7e85a16c40e2c5e7dd08e65151b4cc749cf989
SSDEEP: 6144:VCVHWA+UG7KVisYTnad3ZdfZOOJ4bp5pu43vU:VsW5hNTad3NOm4bHc8U
Malware Config

Signatures

Blocklisted process makes network request (5 IoCs)
  Processes:
  flow  pid   process
  1     1280  rundll32.exe
  3     1280  rundll32.exe
  4     1280  rundll32.exe
  5     1280  rundll32.exe
  6     1280  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description                        pid   process       target process
  PID 1532 wrote to memory of 1280   1532  rundll32.exe  rundll32.exe
  PID 1532 wrote to memory of 1280   1532  rundll32.exe  rundll32.exe
  PID 1532 wrote to memory of 1280   1532  rundll32.exe  rundll32.exe
  PID 1532 wrote to memory of 1280   1532  rundll32.exe  rundll32.exe
  PID 1532 wrote to memory of 1280   1532  rundll32.exe  rundll32.exe
  PID 1532 wrote to memory of 1280   1532  rundll32.exe  rundll32.exe
  PID 1532 wrote to memory of 1280   1532  rundll32.exe  rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll,#1
  PID: 1532
  - Suspicious use of WriteProcessMemory

  ⤵ C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f220ebbab71a8568eb0dfff22ea8c77cc05653580dc02ba86ca430c25f285ef.dll,#1
    PID: 1280
    - Blocklisted process makes network request