Analysis
- max time kernel: 37s
- max time network: 42s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 24-11-2022 07:19
Behavioral task
behavioral1
Sample
bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc.dll
Resource
win10v2004-20221111-en
General
- Target: bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc.dll
- Size: 21KB
- MD5: 7ac32384b1401d9be5a1822df841d23d
- SHA1: 88926d7da2c30791dbc555b9cfd7622089df0172
- SHA256: bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc
- SHA512: 92d8c2613df07670817695657bb3c0e8169f81a9706d42a341de2b3aa2645fe0d879b48cdc2cc2c852a2139a0bf87f8131628e67d5a04bd762f68b1dbf1a18e4
- SSDEEP: 384:sJshczEHvm1LCieXp1DRoBLLoRvK3V7m6sTsWtttOa/CchYlWiy:spzEHvypF0Z+V7rsTsitZ/CchYla
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 2000 wrote to memory of 1968 | 2000 | rundll32.exe | rundll32.exe
PID 2000 wrote to memory of 1968 | 2000 | rundll32.exe | rundll32.exe
PID 2000 wrote to memory of 1968 | 2000 | rundll32.exe | rundll32.exe
PID 2000 wrote to memory of 1968 | 2000 | rundll32.exe | rundll32.exe
PID 2000 wrote to memory of 1968 | 2000 | rundll32.exe | rundll32.exe
PID 2000 wrote to memory of 1968 | 2000 | rundll32.exe | rundll32.exe
PID 2000 wrote to memory of 1968 | 2000 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf41e49fcd4503dd76a71132b90998d164824be1c6f42b25c14c5b17b2b2f8fc.dll,#12