Analysis
- max time kernel: 38s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
- submitted: 23-11-2022 16:56
Static task: static1
Behavioral task: behavioral1
- Sample: 45c6403eec7777a7eea11b22d47fd9064fca69415de67fff319b175d9e154cda.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 45c6403eec7777a7eea11b22d47fd9064fca69415de67fff319b175d9e154cda.dll
- Resource: win10v2004-20221111-en
General
- Target: 45c6403eec7777a7eea11b22d47fd9064fca69415de67fff319b175d9e154cda.dll
- Size: 360KB
- MD5: 023f8e3609f28c0ff687db8a910fc443
- SHA1: 51bb068f38a33cc4aa7fabd1d0d7e2acb3956525
- SHA256: 45c6403eec7777a7eea11b22d47fd9064fca69415de67fff319b175d9e154cda
- SHA512: dd3303e4d3d34fdc574905054e7178f2a8ef58dda89fb23eb118c58da41a6bf284c17ba2cb83b343dc2931d8694d370aa085d7f4177c231bbdad9a1127085a2f
- SSDEEP: 6144:bwM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:EkI4nJmRz9PGGjkrgoN9Ppymfkn
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 576 wrote to memory of 1116 | 576 | rundll32.exe | rundll32.exe
  PID 576 wrote to memory of 1116 | 576 | rundll32.exe | rundll32.exe
  PID 576 wrote to memory of 1116 | 576 | rundll32.exe | rundll32.exe
  PID 576 wrote to memory of 1116 | 576 | rundll32.exe | rundll32.exe
  PID 576 wrote to memory of 1116 | 576 | rundll32.exe | rundll32.exe
  PID 576 wrote to memory of 1116 | 576 | rundll32.exe | rundll32.exe
  PID 576 wrote to memory of 1116 | 576 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45c6403eec7777a7eea11b22d47fd9064fca69415de67fff319b175d9e154cda.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45c6403eec7777a7eea11b22d47fd9064fca69415de67fff319b175d9e154cda.dll,#12⤵
  PID:1116