Analysis
-
max time kernel
37s
-
max time network
33s
-
platform
windows7_x64
-
resource
win7-20221111-en
-
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
-
submitted
23-11-2022 15:55
Static task
static1
Behavioral task
behavioral1
Sample
7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c.dll
Resource
win10v2004-20220812-en
General
-
Target
7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c.dll
-
Size
10KB
-
MD5
5ef36e9204afcf4b4976b58d57aa1c64
-
SHA1
ea82e8679ad93ba13ef011953b4b5b483f6cd08a
-
SHA256
7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c
-
SHA512
1250ba885651f8855b884f06ef42e9b06285b0776512586720399c43848b85059bc5b3309804cf71cf4f581da391087f6d8398a819c20732b756509322511ef4
-
SSDEEP
192:Fw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w9wv:ndHad/N20IypWak8dWiWak8EdWN
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1120 wrote to memory of 676 | 1120 | rundll32.exe | rundll32.exe
PID 1120 wrote to memory of 676 | 1120 | rundll32.exe | rundll32.exe
PID 1120 wrote to memory of 676 | 1120 | rundll32.exe | rundll32.exe
PID 1120 wrote to memory of 676 | 1120 | rundll32.exe | rundll32.exe
PID 1120 wrote to memory of 676 | 1120 | rundll32.exe | rundll32.exe
PID 1120 wrote to memory of 676 | 1120 | rundll32.exe | rundll32.exe
PID 1120 wrote to memory of 676 | 1120 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c.dll,#1
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a9abad8d43f70b7fd87a4d4a1408609796b0eb4b9e1dc6240536c5dcdb2af5c.dll,#1