Analysis
max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
23-11-2022 17:22
Static task
static1
Behavioral task
behavioral1
Sample
0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875.dll
Resource
win10v2004-20220812-en
General
Target
0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875.dll
Size
30KB
MD5
1a1d4911d5d64ac62a0054502ca340b2
SHA1
2784280d3138a5b664062f58de4dc446eb87cd84
SHA256
0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875
SHA512
1fc95c08182f272086eda3ee565d727cda001fe391863ffc63ae63c0526cfb568532d8b2e83397f4e398039c27f65f8c1e7bdc9693efc1a86b341d229f111ce7
SSDEEP
384:IqJs5yqusFWtRCcH4DcjZGsXVVbRKdPg0uQEuwb5rKgKMKJCmkLv3jPH/OfGlSTs:IBuss8efsub83LJC33jOfOSPyK
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 1488 wrote to memory of 964 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 964 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 964 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 964 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 964 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 964 | 1488 | rundll32.exe | rundll32.exe
PID 1488 wrote to memory of 964 | 1488 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1488
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d4c0e1e7256f772f1b10293b4e335df7e33cb13d0f2735d526b4ddf82cb2875.dll,#12⤵
PID:964