Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 25-11-2022 07:01
Static task: static1

Behavioral task: behavioral1
Sample: d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8.dll
Resource: win10v2004-20221111-en
General
Target: d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8.dll
Size: 416KB
MD5: 794a6874ce8a64801936071b2f8bf524
SHA1: 2f5103b739c59b2f97e4f574e8008eb47cdf78f4
SHA256: d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8
SHA512: 996eb5c22a7c92288aaa3664a43511b92c05dbd095e69db1c2cd07e683d40b10c66a15f0cd79d4523d5a8fae007dd7a83a2ac75b522329007ebef4552a2ba72d
SSDEEP: 12288:nl6PZwcJ05yalVvrsHsUcACu63RXn0dAbp1:l6hw+dalVvwMBACu0Mgp
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1048 wrote to memory of 540 | 1048 | rundll32.exe | rundll32.exe
PID 1048 wrote to memory of 540 | 1048 | rundll32.exe | rundll32.exe
PID 1048 wrote to memory of 540 | 1048 | rundll32.exe | rundll32.exe
PID 1048 wrote to memory of 540 | 1048 | rundll32.exe | rundll32.exe
PID 1048 wrote to memory of 540 | 1048 | rundll32.exe | rundll32.exe
PID 1048 wrote to memory of 540 | 1048 | rundll32.exe | rundll32.exe
PID 1048 wrote to memory of 540 | 1048 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8.dll,#1
  PID: 1048
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1bcc224c7ceebd28f644d4ebc29e8d459ad1a95d02b84d3409db277bf62cde8.dll,#1
    PID: 540