Analysis
max time kernel
23s
max time network
28s
platform
windows7_x64
resource
win7-20221111-en
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted
24-11-2022 08:12
Behavioral task
behavioral1
Sample
AntiVC.dll
Resource
win7-20221111-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
AntiVC.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
register.exe
Resource
win7-20220812-en
windows7-x64
5 signatures
150 seconds
General
Target
AntiVC.dll
Size
47KB
MD5
ed0c74815e4d0c37563d89c7af54f2cc
SHA1
f12d4e876740769fe8c81fa421827140c8a0cf4e
SHA256
f07eb8723995cf5c90bad1a3fa3bc6419dad3952f238413c9b62d1f8ef292945
SHA512
0bccb938bca4f4546879119d81a2e7fe88552f87ab7e3cdfe7b70cd7bbcd847a607ff9e4423448e6bd87ffb901780041ad4fae1261ae7adbece53654935fc4ab
SSDEEP
768:iaxaL4XsKTYnbdofZpyBXStk4OJ5dIuUCy/s724bMMzxTnefg7hWyfew420pIOTc:x/XsDufXOXck4ODSCyUS4r9Tefg7aWSU
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1684 wrote to memory of 1552 | 1684 | rundll32.exe | rundll32.exe (7 identical entries)