Analysis
max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags
arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
submitted
23-11-2022 20:38
Static task
static1
Behavioral task
behavioral1
Sample
3cf254460c95397a5a3d5277b80167b3c0ae605376c3798dc32531387be7a699.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
3cf254460c95397a5a3d5277b80167b3c0ae605376c3798dc32531387be7a699.dll
Resource
win10v2004-20220812-en
General
Target
3cf254460c95397a5a3d5277b80167b3c0ae605376c3798dc32531387be7a699.dll
Size
273KB
MD5
719df51491c76f8f36900dfd54b3c5dc
SHA1
3d21547232cfd68970b5bbf2078d4eee9e595ac2
SHA256
3cf254460c95397a5a3d5277b80167b3c0ae605376c3798dc32531387be7a699
SHA512
93dcc61ac9a081f7451bafdae0d4c651b2cf5e6ede9a70d704aed1ede1ce29de0426e33499e92f8170ca63d9bffdad7cc3d4fb5d8e5b74591aca4866b7733b60
SSDEEP
6144:0sPy1hPsPy1ssPy1wsPy1xn1RdHo1FqPImFsLPR9Ct:00y1B0y1s0y1w0y1x1RdI1IHJ
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1340 wrote to memory of 1276 | 1340 | rundll32.exe | rundll32.exe
PID 1340 wrote to memory of 1276 | 1340 | rundll32.exe | rundll32.exe
PID 1340 wrote to memory of 1276 | 1340 | rundll32.exe | rundll32.exe
PID 1340 wrote to memory of 1276 | 1340 | rundll32.exe | rundll32.exe
PID 1340 wrote to memory of 1276 | 1340 | rundll32.exe | rundll32.exe
PID 1340 wrote to memory of 1276 | 1340 | rundll32.exe | rundll32.exe
PID 1340 wrote to memory of 1276 | 1340 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cf254460c95397a5a3d5277b80167b3c0ae605376c3798dc32531387be7a699.dll,#11
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cf254460c95397a5a3d5277b80167b3c0ae605376c3798dc32531387be7a699.dll,#12