Analysis
max time kernel: 26s
max time network: 32s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 23-11-2022 17:04
Static task: static1
Behavioral task: behavioral1
Sample: 0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943.dll
Resource: win7-20221111-en, windows7-x64
1 signatures
150 seconds
General
Target: 0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943.dll
Size: 345KB
MD5: 09a7bf5f41b4e8239501157ac037467d
SHA1: fb4a06d98c001bebbbac2611fbca463bb738e223
SHA256: 0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943
SHA512: afbc910cdde6ece3b3762c5a0aa825e4d1371ad1cafb3b98653ffec68de80f448f6e6a23d5ef42d26d1b1ff80e50e7d5110dc074f34454be511361045be3d8b1
SSDEEP: 6144:eMJOWK4l0wqOVq1cC3dqzKIQ8v7Aw81Ztq:e2OWK4ll7lmIQCn8s
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1228 wrote to memory of 2040 | 1228 | rundll32.exe | rundll32.exe |
| PID 1228 wrote to memory of 2040 | 1228 | rundll32.exe | rundll32.exe |
| PID 1228 wrote to memory of 2040 | 1228 | rundll32.exe | rundll32.exe |
| PID 1228 wrote to memory of 2040 | 1228 | rundll32.exe | rundll32.exe |
| PID 1228 wrote to memory of 2040 | 1228 | rundll32.exe | rundll32.exe |
| PID 1228 wrote to memory of 2040 | 1228 | rundll32.exe | rundll32.exe |
| PID 1228 wrote to memory of 2040 | 1228 | rundll32.exe | rundll32.exe |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ba769bdf9fd673b46a6b8174bfef97dbac3d9912811662f07dfc38085d19943.dll,#1