Analysis
max time kernel: 58s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 17:00
Static task: static1

Behavioral task: behavioral1
Sample: ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85.dll
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85.dll
Resource: win10v2004-20221111-en
General
Target: ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85.dll
Size: 68KB
MD5: 8985d73f08638b4b48ecd30759c9e53f
SHA1: 400a90c9eabeb94ae05e5036e21dc922b0c1ffad
SHA256: ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85
SHA512: b97c0e2922f9cdfe8f0f01b4ddb261f0ffb29a91f769ebd3f86ea8bf058073068b49d4490ae2aa3cd25dfbef1db138b982c94a0dce484781a7c7551d7c3fa4b2
SSDEEP: 1536:Mmw46ETnLFn4pSM+Mx3P+oX9AgKoT7e7BS:MmLJLFn4pSMVx3P+mNKoTAo
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                        pid     process         target process
PID 2028 wrote to memory of 296    2028    rundll32.exe    rundll32.exe
PID 2028 wrote to memory of 296    2028    rundll32.exe    rundll32.exe
PID 2028 wrote to memory of 296    2028    rundll32.exe    rundll32.exe
PID 2028 wrote to memory of 296    2028    rundll32.exe    rundll32.exe
PID 2028 wrote to memory of 296    2028    rundll32.exe    rundll32.exe
PID 2028 wrote to memory of 296    2028    rundll32.exe    rundll32.exe
PID 2028 wrote to memory of 296    2028    rundll32.exe    rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85.dll,#11
Suspicious use of WriteProcessMemory
PID: 2028

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae36aa74767f8122465bcc7c11dbf3328451bcc189c7aa9e59a0a58695fc8a85.dll,#12
PID: 296