Analysis
max time kernel: 29s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 23-11-2022 18:58
Static task: static1
Behavioral task: behavioral1
Sample: 7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4.dll
Resource: win10v2004-20221111-en
General
Target: 7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4.dll
Size: 840KB
MD5: 55ada11bf43b3f546ab16739742b1383
SHA1: 94b6e6dca01ad19de19d99542514b72517666999
SHA256: 7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4
SHA512: 0b53b7e49969ec98e200e1a00265e547cd46663bb4c89ac5a16932f32d5f34e38fc7844f328f609f384dafe6e97f50ddb9efddb73ba036f456cd40525ea31c8b
SSDEEP: 24576:SvnImr1gCVYxHnt0NvMveLYHgKn4J9VZrvsyNWAHeKlUUMGgvZT4Ez:QnImr17YxHnt0NvMveL869VZr1NWAOdz
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 532 wrote to memory of 2008 | 532 | rundll32.exe | rundll32.exe
PID 532 wrote to memory of 2008 | 532 | rundll32.exe | rundll32.exe
PID 532 wrote to memory of 2008 | 532 | rundll32.exe | rundll32.exe
PID 532 wrote to memory of 2008 | 532 | rundll32.exe | rundll32.exe
PID 532 wrote to memory of 2008 | 532 | rundll32.exe | rundll32.exe
PID 532 wrote to memory of 2008 | 532 | rundll32.exe | rundll32.exe
PID 532 wrote to memory of 2008 | 532 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7dd5b75f92931e2ebe6fe51929c46d1028c2807d4195bd8b2d6fcd0b8f8d50f4.dll,#12