Analysis
-
max time kernel
11s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
25-11-2022 12:34
Static task
static1
Behavioral task
behavioral1
Sample
d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll
Resource
win10v2004-20221111-en
General
-
Target
d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll
-
Size
524KB
-
MD5
5aaff2584315f689af917fc69fa83bf5
-
SHA1
d28cdc9588c902d67d375f723f7163eedb1ea857
-
SHA256
d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6
-
SHA512
016a845abd7e28b3e588d5dae74ee4a6541715fa21ebcc54897d1ba10b18d4e60887081b53b4014d66fcca97635cafc3e133461f59cf29162bde46a2c3aff07b
-
SSDEEP
12288:IvI07twZhHJguO9Xns3gy4dk+PZYDpidR97R6q7:bsQHJguO9XnXy4kuKdaR6C
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1356 wrote to memory of 1360 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1360 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1360 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1360 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1360 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1360 | 1356 | rundll32.exe | rundll32.exe
PID 1356 wrote to memory of 1360 | 1356 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll,#11
- Suspicious use of WriteProcessMemory
PID:1356 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7b6cf19e24f51e1dce2c4504460ec9d6c561e7317c9afefbdf51a5c44f44ac6.dll,#12
PID:1360