Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 24-11-2022 03:53
Static task
static1
Behavioral task
behavioral1
Sample
6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a.dll
Resource
win10v2004-20221111-en
General
Target: 6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a.dll
Size: 560KB
MD5: 0a5113eb522356640a2a99c22b6f6c72
SHA1: c956dcf0e01b0163738178c86ece82f135101759
SHA256: 6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a
SHA512: d883b39f20e11d232e4af0725b81f297db23efb891128f2fd5983bab9068c9a120caa2c45638c9574858f076e3345a7e8548f66f5a0daf2f9abf45b3405b0a60
SSDEEP: 12288:IiY0EJ5OYJ/b+jM+j2TAb7z/gAJQjqpdBvA:XY0wpF+A+/gkQjqfBv
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 864 wrote to memory of 1076 | 864 | rundll32.exe | rundll32.exe
PID 864 wrote to memory of 1076 | 864 | rundll32.exe | rundll32.exe
PID 864 wrote to memory of 1076 | 864 | rundll32.exe | rundll32.exe
PID 864 wrote to memory of 1076 | 864 | rundll32.exe | rundll32.exe
PID 864 wrote to memory of 1076 | 864 | rundll32.exe | rundll32.exe
PID 864 wrote to memory of 1076 | 864 | rundll32.exe | rundll32.exe
PID 864 wrote to memory of 1076 | 864 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a.dll,#11⤵
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\6d5b345798e57ab70021d58adeba8702e9f31c5ea152a6a7099a2d603bebb95a.dll,#12⤵